CVE-2022-22787
Description
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting user's client into connecting to a malicious server when attempting to use Zoom services.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.331
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-22784,CVE-2022-22785,CVE-2022-22787 are affected in Zoom 5.9.0 | Windows |
| Vulnerabilities CVE-2022-22784,CVE-2022-22785,CVE-2022-22787 are affected in Zoom 5.9.0(x64) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom (x64) (5.10.0.4306) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Plugin for Citrix Receiver (5.10.0.21068) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Client for VDI (5.10.0.21068) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom (5.10.0.4306) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Plugin for VMware Horizon Client (5.10.0.21068) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Plugin for Windows Virtual Desktop Client (5.10.0) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Notes Plugin (5.10.0.306) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22786,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom Outlook Plugin (5.10.0.301) | Windows |
| Vulnerabilities CVE-2022-22787,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom for MAC 5.10.0.5714 | Mac |
| Vulnerabilities CVE-2022-22787,CVE-2022-22785,CVE-2022-22784 are fixed in Zoom for MAC (Apple Silicon) 5.10.0.5714 | Mac |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-323038 | Zoom (5.9.1.2581) |
| PATCH-319772 | Zoom (x64) (5.6.6.961) |
| PATCH-332244 | Zoom (x64) (5.15.7.20303) |
| PATCH-324601 | Zoom Client for VDI (5.10.0.21068) |
| PATCH-332243 | Zoom (5.15.7.20303) |
| PATCH-324009 | Zoom Plugin for Citrix Receiver (5.9.6.20931) |
| PATCH-332248 | Zoom Plugin for Windows Virtual Desktop Client (5.15.4.23940) |
| PATCH-331891 | Zoom Notes Plugin (5.15.5.925) |
| PATCH-331892 | Zoom Outlook Plugin (5.15.5.926) |
| PATCH-611907 | Zoom for MAC (Intel) (6.5.12.63499) |
| PATCH-611909 | Zoom for MAC (Apple Silicon) (6.5.12.63499) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234