CVE-2022-22786 vulnerability in Zoom Products
Published on May 18, 2022
Update package downgrade in Zoom Client for Meetings for Windows
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.
Vulnerability Analysis
CVE-2022-22786 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Products Associated with CVE-2022-22786
stack.watch emails you whenever new vulnerabilities are published in Zoom Meetings or Zoom Rooms. Just hit a watch button to start following.
Affected Versions
Zoom Video Communications Inc Zoom Client for Meetings for Windows:- Version unspecified and below 5.10.0 is affected.
- Version unspecified and below 5.10.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.