PT-2022-19209 · Zoom · Zoom On-Premise Meeting Connector Mmr
Published
2022-08-11
·
Updated
2023-06-28
·
CVE-2022-28753
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Zoom On-Premise Meeting Connector MMR versions prior to 4.8.129.20220714
Description
The issue allows a malicious actor to join a meeting without appearing to other participants, admit themselves from the waiting room, become the host, and cause meeting disruptions due to improper access control.
Recommendations
For versions prior to 4.8.129.20220714, update to version 4.8.129.20220714 or later to resolve the issue. As a temporary workaround, consider restricting access to meeting controls and waiting room management to minimize the risk of exploitation.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoom On-Premise Meeting Connector Mmr