Vulnerability Details: CVE-2022-22782
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6 were susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could use this to potentially delete system-level files or folders, causing integrity or availability issues on the user’s host machine.
Vulnerability category: Gain privilege
Products affected by CVE-2022-22782
- cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*
- cpe:2.3:a:zoom:zoom_plugin_for_microsoft_outlook:*:*:*:*:*:windows:*:*
- cpe:2.3:a:zoom:rooms_for_conference_rooms:*:*:*:*:*:windows:*:*
- cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-22782
- 0.05%: Probability of exploitation activity in the next 30 days
- ~13%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-22782
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.6 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:C/A:C | 3.9 | 9.2 | NIST | |
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 | NIST | |
7.9 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H | 1.5 | 5.8 | Zoom Video Communications, Inc. | |
CWE ids for CVE-2022-22782
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-22782
- https://explore.zoom.us/en/trust/security/security-bulletin/ (Security Bulletin - Zoom; Vendor Advisory)