PT-2022-4376 · Zoom · Zoom Rooms For Conference Room For Windows+1
Sim0Nsecurity
·
Published
2022-08-17
·
Updated
2022-08-19
·
CVE-2022-28752
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0
Zoom Client for Meetings for macOS (affected versions not specified)
Description
The issue is related to a Local Privilege Escalation vulnerability that could be exploited by a local low-privileged malicious user to escalate their privileges to the SYSTEM user. Additionally, there is an issue with the Zoom Client for Meetings for macOS related to incorrect cryptographic signature verification, which could allow an attacker to execute arbitrary code with root privileges.
Recommendations
For Zoom Rooms for Conference Rooms for Windows versions before 5.11.0: Update to version 5.11.0 or later to resolve the issue.
For Zoom Client for Meetings for macOS: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoom Client For Meetings For Macos
Zoom Rooms For Conference Room For Windows