CVE-2022-28762 HIGH

CVE-2022-28762: Debugging port misconfiguration in Zoom Apps in the Zoom Client for Meetings for macOS

Vendor Zoom Video Communications Inc
Product Zoom Client for Meetings for MacOS
Weakness CWE-16
Published October 14, 2022
Last update May 14, 2025

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.

Key dates

02Disclosure timeline

October 14, 2022 CVE published
May 14, 2025 Record updated