PT-2022-19214 · Zoom · Zoom On-Premise Meeting Connector Mmr
Published
2022-10-14
·
Updated
2022-10-18
·
CVE-2022-28760
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Zoom On-Premise Meeting Connector MMR versions prior to 4.8.20220815.130
Description
The issue allows a malicious actor to obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions due to an improper access control vulnerability.
Recommendations
For versions prior to 4.8.20220815.130, update to version 4.8.20220815.130 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive meetings and implementing additional security measures to minimize the risk of unauthorized access.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoom On-Premise Meeting Connector Mmr