Zoom Rooms
By the Year
In 2023 there have been 5 vulnerabilities in Zoom Rooms with an average score of 7.8 out of ten. Last year Rooms had 6 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Rooms in 2023 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.67.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 5 | 7.80 |
2022 | 6 | 7.13 |
2021 | 2 | 7.80 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Rooms vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Zoom Rooms Security Vulnerabilities
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability
CVE-2022-36930
7.8 - High
- January 09, 2023
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability
CVE-2022-36929
7.8 - High
- January 09, 2023
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability
CVE-2022-36927
7.8 - High
- January 09, 2023
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability
CVE-2022-36926
7.8 - High
- January 09, 2023
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism
CVE-2022-36925
7.8 - High
- January 09, 2023
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.
Use of Hard-coded Credentials
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability
CVE-2022-36924
7.8 - High
- November 17, 2022
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
DLL preloading
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability
CVE-2022-28766
7.3 - High
- November 17, 2022
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
DLL preloading
The Zoom Client for Meetings (for Android
CVE-2022-28764
3.3 - Low
- November 14, 2022
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
Insufficient Cleanup
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability
CVE-2022-28752
7.8 - High
- August 17, 2022
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.
The Zoom Opener installer is downloaded by a user
CVE-2022-22788
7.8 - High
- June 15, 2022
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host.
DLL preloading
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0
CVE-2022-22786
8.8 - High
- May 18, 2022
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.
Download of Code Without Integrity Check
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges
CVE-2021-34411
7.8 - High
- September 27, 2021
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.
Improper Privilege Management
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0
CVE-2021-34409
7.8 - High
- September 27, 2021
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Zoom Screen Sharing or by Zoom? Click the Watch button to subscribe.
