CVE-2022-28750 HIGH

CVE-2022-28750: Zoom On-Premise Deployments: Stack Buffer Overflow in Meeting Connector

Vendor: Zoom Video Communications Inc
Product: Zoom On-Premise Meeting Connector Zone Controller (ZC)
Weakness: CWE-121
Published: August 11, 2022
Last update: September 16, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code.

Key dates

02 Disclosure timeline

August 11, 2022: CVE published
September 16, 2024: Record updated