Lucene search

[email protected]CVE-2022-22782

HistoryApr 28, 2022 - 3:15 p.m.

CVE-2022-22782

2022-04-2815:15:09

[email protected]

web.nvd.nist.gov

137

cve-2022-22782

zoom

windows

local privilege escalation

security vulnerability

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

7.9 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

16.0%

JSON

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine.

Affected configurations

NVD

Node

zoommeetingsRange<5.9.7windows

zoomrooms_for_conference_roomsRange<5.10.0windows

zoomvdi_windows_meeting_clientsRange<5.9.6

zoomzoom_plugin_for_microsoft_outlookRange<5.10.3windows

CPENameOperatorVersion
zoom:meetingszoom meetingslt5.9.7
zoom:rooms_for_conference_roomszoom rooms for conference roomslt5.10.0
zoom:vdi_windows_meeting_clientszoom vdi windows meeting clientslt5.9.6
zoom:zoom_plugin_for_microsoft_outlookzoom zoom plugin for microsoft outlooklt5.10.3

CPE	Name	Operator	Version
zoom:meetings	zoom meetings	lt	5.9.7
zoom:rooms_for_conference_rooms	zoom rooms for conference rooms	lt	5.10.0
zoom:vdi_windows_meeting_clients	zoom vdi windows meeting clients	lt	5.9.6
zoom:zoom_plugin_for_microsoft_outlook	zoom zoom plugin for microsoft outlook	lt	5.10.3

CNA Affected

[
  {
    "product": "Zoom Client for Meetings for Windows",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.9.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom Rooms for Conference Room for Windows",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.10.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom Plugins for Microsoft Outlook for Windows",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.10.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom VDI Windows Meeting Clients",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.9.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]