CVE-2022-28753
Zoom On-Premise Deployments: Improper Access Control Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.
Zoom On-Premise Meeting Connector MMR versiones anteriores a 4.8.129.20220714, contiene una vulnerabilidad de control de acceso inapropiada. Como resultado, un actor malicioso puede unirse a una reunión a la que está autorizado a unirse sin aparecer ante los demás participantes, puede admitirse a sí mismo en la reunión desde la sala de espera, y puede convertirse en anfitrión y causar otras interrupciones en la reunión
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-06 CVE Reserved
- 2022-08-11 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://explore.zoom.us/en/trust/security/security-bulletin | 2023-06-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zoom Search vendor "Zoom" | Meeting Connector Search vendor "Zoom" for product "Meeting Connector" | < 4.8.129.20220714 Search vendor "Zoom" for product "Meeting Connector" and version " < 4.8.129.20220714" | - |
Affected
| ||||||