CVE-2022-28761 MEDIUM

CVE-2022-28761: Zoom On-Premise Deployments: Improper Access Control

Vendor Zoom Video Communications Inc
Product Zoom On-Premise Meeting Connector MMR
Weakness CWE-284
Published October 14, 2022
Last update May 14, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions.

Key dates

02Disclosure timeline

October 14, 2022 CVE published
May 14, 2025 Record updated