CVE-2022-28754 HIGH

CVE-2022-28754: Zoom On-Premise Deployments: Improper Access Control Vulnerability

Vendor Zoom Video Communications Inc

Product Zoom On-Premise Meeting Connector MMR

Weakness CWE-284

Published August 11, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

What the vulnerability does

01Description

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.

Key dates

02Disclosure timeline

August 11, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-28754

Related vulnerabilities

Identifiers

CVE CVE-2022-28754

CWE CWE-284

CVSS 7.1 / HIGH

Affected versions