CVE-2022-22782 Information

Description

The Zoom Client for Meetings for Windows prior to version 5.9.7 Zoom Rooms for Conference Room for Windows prior to version 5.10.0 Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3 and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders causing integrity or availability issues on the user’s host machine.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Reference

https://explore.zoom.us/en/trust/security/security-bulletin/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.1