Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2022-22782
Analyzed
More InfoOfficial Page
Source-security@zoom.us
View Known Exploited Vulnerability (KEV) details
Published At-28 Apr, 2022 | 15:15
Updated At-08 Aug, 2023 | 14:21

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Secondary3.17.9HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H
Primary2.06.6MEDIUM
AV:L/AC:L/Au:N/C:N/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.9
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:N/I:C/A:C
CPE Matches
Zoom Communications, Inc.
zoom
>>meetings>>Versions before 5.9.7(exclusive)
cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>rooms_for_conference_rooms>>Versions before 5.10.0(exclusive)
cpe:2.3:a:zoom:rooms_for_conference_rooms:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>vdi_windows_meeting_clients>>Versions before 5.9.6(exclusive)
cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:*:*:*
Zoom Communications, Inc.
zoom
>>zoom_plugin_for_microsoft_outlook>>Versions before 5.10.3(exclusive)
cpe:2.3:a:zoom:zoom_plugin_for_microsoft_outlook:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://explore.zoom.us/en/trust/security/security-bulletin/security@zoom.us
Vendor Advisory
Hyperlink: https://explore.zoom.us/en/trust/security/security-bulletin/
Source: security@zoom.us
Resource:
Vendor Advisory
Change History
0Changes found
Details not found