PT-2022-19208 · Zoom · Zoom On-Premise Meeting Connector Controller

Published

2022-08-11

Updated

2022-08-18

CVE-2022-28750

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoom On-Premise Meeting Connector Zone Controller (ZC) versions prior to 4.8.20220419.112

Description The issue arises from the improper parsing of STUN error codes, leading to potential memory corruption. This could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, it could also be exploited to execute arbitrary code.

Recommendations For versions prior to 4.8.20220419.112, update to version 4.8.20220419.112 or later to resolve the issue. For versions older than 4.8.12.20211115, updating to a version 4.8.12.20211115 or later is also crucial to prevent arbitrary code execution.

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

CVE-2022-28750

Affected Products

Zoom On-Premise Meeting Connector Controller

PT-2022-19208 · Zoom · Zoom On-Premise Meeting Connector Controller

CVE-2022-28750

Weakness Enumeration

Related Identifiers

Affected Products

References · 3