CVE-2022-28753
Last modified
CVE-2022-28753 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zoom | Meeting Connector | < 4.8.129.20220714 |
References
- https://explore.zoom.us/en/trust/security/security-bulletin/Vendor Advisory
- https://explore.zoom.us/en/trust/security/security-bulletin/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-28753?
How severe is CVE-2022-28753?
How do I fix CVE-2022-28753?
Are you affected by CVE-2022-28753?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST