PT-2022-2780 · Zoom · Zoom Rooms For Conference Room+2
Ivan Fratric
·
Published
2022-01-07
·
Updated
2022-07-07
·
CVE-2022-22786
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zoom Client for Meetings versions prior to 5.10.0
Zoom Rooms for Conference Room versions prior to 5.10.0
Description
The issue is related to the improper checking of the installation version during the update process. This could be exploited in a sophisticated attack to trick a user into downgrading their client to a less secure version, potentially allowing a remote attacker to bypass certain security restrictions.
Recommendations
For Zoom Client for Meetings versions prior to 5.10.0, update to version 5.10.0 or later to resolve the issue.
For Zoom Rooms for Conference Room versions prior to 5.10.0, update to version 5.10.0 or later to resolve the issue.
As a temporary workaround, consider restricting the update process to prevent potential downgrades until a patch is applied.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Zoom Client For Meetings
Zoom Rooms For Conference Room
Zoom