ByteOS Network

NVD Vulnerability Details :

CVE-2022-28766

Analyzed

Source-security@zoom.us

Published At-17 Nov, 2022 | 23:15

Updated At-22 Nov, 2022 | 16:14

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.3	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Secondary	3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 7.3

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CPE Matches

Zoom Communications, Inc.

>>meetings>>Versions before 5.12.6(exclusive)

cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*

Zoom Communications, Inc.

>>rooms>>Versions before 5.12.6(exclusive)

cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*

Weaknesses

CWE ID	Type	Source
CWE-427	Primary	nvd@nist.gov
CWE-94	Secondary	security@zoom.us

CWE ID: CWE-427

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-94

Type: Secondary

Source: security@zoom.us

References

Hyperlink	Source	Resource
https://explore.zoom.us/en/trust/security/security-bulletin/	security@zoom.us	Vendor Advisory

Hyperlink: https://explore.zoom.us/en/trust/security/security-bulletin/

Source: security@zoom.us

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History