Upcoming Webinar: DPDP Act and Cybersecurity Essentials for Indian Manufacturers - 23rd July

Register Today
zoom-application-vulnerability

Analysis

In Mid-September CERT-In (Indian Computer Emergency Response Team) identified two high-severity vulnerabilities in the Zoom On-Premises Meeting Connector MMR application.

If the vulnerability is successfully exploited, the malicious actor could acquire unauthorized access and gain the ability to obtain the audio and video feed of a meeting they are not authorized to participate in, as well as cause unauthorized disruptions.

The vulnerability was classified as CVE-2022-28758 and CVE-2022-28759 in the Common Vulnerability and exposures vulnerability database, which has a severity of “High” and a vulnerability score of 8.2 as per CVSS v3.1(Common vulnerability scoring system).

The weakness in the software was identified as CWE-284 (Improper Access Control) based on cwe.mitre.org, Zoom advised its users to update to the latest version from https://zoom.us/download.

 

CVSS v3.1: 8.2 (High)

 

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged

Confidentiality: High

Integrity: Low

Availability: None

 

Prevention

Update the Zoom On-Premises version to 4.8.20220815.130 or later.

 

References

Zoom Security Bulletins

NIST-National Institute of Standards and Technology

 

Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at susan@positka.com.