CVE-2022-22787 MEDIUM

CVE-2022-22787: Insufficient hostname validation during Clusterswitch message in Zoom Client for Meetings

Vendor: Zoom Video Communications Inc
Product: Zoom Client for Meetings for Android
Published: May 18, 2022
Last update: September 17, 2024

CVSS base score

5.9/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L

What the vulnerability does

01 Description

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting user's client into connecting to a malicious server when attempting to use Zoom services.

Key dates

02 Disclosure timeline

May 18, 2022: CVE published
September 17, 2024: Record updated