PT-2022-3248 · Zoom · Zoom Client For Meetings

Ivan Fratric · Published 2022-01-07 · Updated 2022-07-07 · CVE-2022-22787

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings versions prior to 5.10.0

Description: The issue is related to the improper validation of the hostname during a server switch request. This could be used in a sophisticated attack to trick an unsuspecting user's client into connecting to a malicious server when attempting to use Zoom services. The vulnerability may allow a remote attacker to perform a man-in-the-middle attack.

Recommendations: For versions prior to 5.10.0, update to version 5.10.0 or later to resolve the issue. As a temporary workaround, consider restricting server switch requests to trusted hosts until a patch is applied. Avoid using the Zoom Client for Meetings until the issue is resolved.
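The description and the workaround above come down to one control on the client side: before honouring a server switch request, the client must check that the requested host actually lies inside its trusted zone, and stay where it is if the check fails. The following is an added example of such a check, written for this record; it is not Zoom's code and does not describe how the Zoom client implements the fix. The trusted suffixes (`trusted.example`, `backup.trusted-cdn.example`), the URLs and the function names are constructed placeholders. It also shows why a plain `endswith` comparison is not enough: the match has to happen on a DNS label boundary, and the scheme, userinfo and port of the requested URL have to be constrained as well.

```python
"""Validate the target of a server-switch request against a trusted-host zone.

Added example, not the Zoom client's code. Allowlist, URLs and names below are
constructed placeholders; a real client would ship its own pinned list.
"""
import re
from urllib.parse import urlsplit

# Constructed allowlist: a switch target must be one of these names exactly or a
# subdomain of one of them. Nothing else is reachable through a switch request.
TRUSTED_SUFFIXES = ("trusted.example", "backup.trusted-cdn.example")

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
_HOST_LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def naive_suffix_match(host: str, suffix: str) -> bool:
    """The check that is NOT sufficient: 'eviltrusted.example' ends with
    'trusted.example' even though it is a completely unrelated domain."""
    return host.endswith(suffix)


def host_in_trusted_zone(host: str, suffixes=TRUSTED_SUFFIXES) -> bool:
    """Match on a label boundary: 'meet.trusted.example' matches
    'trusted.example'; 'eviltrusted.example' does not."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def validate_switch_target(url: str, suffixes=TRUSTED_SUFFIXES):
    """Return (accepted_host, None) on success or (None, reason) on rejection."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:  # e.g. malformed IPv6 literal in the authority
        return None, f"unparsable url: {exc}"
    if parts.scheme != "https":
        return None, "scheme must be https"
    if parts.username is not None or parts.password is not None:
        # 'trusted.example@attacker.example' would otherwise look trusted to
        # anyone who only glances at the start of the authority.
        return None, "userinfo in the authority is not allowed"
    host = parts.hostname  # urlsplit already lowercases the host
    if not host:
        return None, "missing host"
    host = host.rstrip(".")  # a trailing dot names the same DNS zone
    if not all(_HOST_LABEL_RE.match(label) for label in host.split(".")):
        return None, "host is not a plain DNS hostname"
    try:
        port = parts.port
    except ValueError:
        return None, "invalid port"
    if port not in (None, 443):
        return None, "only the default TLS port is allowed"
    if not host_in_trusted_zone(host, suffixes):
        return None, f"{host} is outside the trusted zone"
    return host, None


def handle_switch_request(current_host: str, requested_url: str,
                          suffixes=TRUSTED_SUFFIXES) -> str:
    """Fail closed: keep the current server when the request does not validate."""
    host, _reason = validate_switch_target(requested_url, suffixes)
    return host if host else current_host


if __name__ == "__main__":
    # Constructed sample requests, mixing legitimate and malformed targets.
    for sample in ("https://meet.trusted.example/join",
                   "https://MEET.Trusted.Example./",
                   "https://eviltrusted.example/",
                   "https://trusted.example@attacker.example/",
                   "http://meet.trusted.example/",
                   "https://meet.trusted.example:8443/"):
        print(sample, "->", validate_switch_target(sample))
```

The comparison in `host_in_trusted_zone` is the part that matters: it accepts `meet.trusted.example` and rejects `eviltrusted.example`, whereas `naive_suffix_match` accepts both. `handle_switch_request` never switches on a rejected request, which is the behaviour the temporary workaround in the record asks for.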

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

BDU:2022-03955
CVE-2022-22787

Affected Products

Zoom Client For Meetings
Zoom