CVE-2022-22784
Description
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
1.243
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-22784,CVE-2022-22785,CVE-2022-22787 are affected in Zoom 5.9.0 | Windows |
| Vulnerabilities CVE-2022-22784,CVE-2022-22785,CVE-2022-22787 are affected in Zoom 5.9.0(x64) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom (x64) (5.10.0.4306) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Plugin for Citrix Receiver (5.10.0.21068) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Client for VDI (5.10.0.21068) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom (5.10.0.4306) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Plugin for Vmware Horizon Client (5.10.0.21068) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Plugin for Windows Virtual Desktop Client (5.10.0) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Notes Plugin (5.10.0.306) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Outlook Plugin (5.10.0.301) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom for MAC 5.10.0.5714 | Mac |
| Vulnerabilities CVE-2022-22787,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom for MAC (Apple Silicon) 5.10.0.5714 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-323038 | Zoom (5.9.1.2581) |
| PATCH-319772 | Zoom (x64) (5.6.6.961) |
| PATCH-332244 | Zoom (x64) (5.15.7.20303) |
| PATCH-324601 | Zoom Client for VDI (5.10.0.21068) |
| PATCH-332243 | Zoom (5.15.7.20303) |
| PATCH-324009 | Zoom Plugin for Citrix Receiver (5.9.6.20931) |
| PATCH-332248 | Zoom Plugin for Windows Virtual Desktop Client (5.15.4.23940) |
| PATCH-331891 | Zoom Notes Plugin (5.15.5.925) |
| PATCH-331892 | Zoom Outlook Plugin (5.15.5.926) |
| PATCH-611907 | Zoom for MAC (Intel) (6.5.12.63499) |
| PATCH-611909 | Zoom for MAC (Apple Silicon) (6.5.12.63499) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234