CVE-2022-22785
Description
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.182
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-22784,CVE-2022-22785,CVE-2022-22787 are affected in Zoom 5.9.0 | Windows |
| Vulnerabilities CVE-2022-22784,CVE-2022-22785,CVE-2022-22787 are affected in Zoom 5.9.0(x64) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom (x64) (5.10.0.4306) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Plugin for Citrix Receiver (5.10.0.21068) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Client for VDI (5.10.0.21068) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom (5.10.0.4306) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Plugin for Vmware Horizon Client (5.10.0.21068) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Plugin for Windows Virtual Desktop Client (5.10.0) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Notes Plugin (5.10.0.306) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Outlook Plugin (5.10.0.301) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom for MAC 5.10.0.5714 | Mac |
| Vulnerabilities CVE-2022-22787,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom for MAC (Apple Silicon) 5.10.0.5714 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-323038 | Zoom (5.9.1.2581) |
| PATCH-319772 | Zoom (x64) (5.6.6.961) |
| PATCH-332244 | Zoom (x64) (5.15.7.20303) |
| PATCH-324601 | Zoom Client for VDI (5.10.0.21068) |
| PATCH-332243 | Zoom (5.15.7.20303) |
| PATCH-324009 | Zoom Plugin for Citrix Receiver (5.9.6.20931) |
| PATCH-332248 | Zoom Plugin for Windows Virtual Desktop Client (5.15.4.23940) |
| PATCH-331891 | Zoom Notes Plugin (5.15.5.925) |
| PATCH-331892 | Zoom Outlook Plugin (5.15.5.926) |
| PATCH-611907 | Zoom for MAC (Intel) (6.5.12.63499) |
| PATCH-611909 | Zoom for MAC (Apple Silicon) (6.5.12.63499) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234