Zoom On-Prem MMR <4.8.129 Improper Access: Hidden Join & Host Takeover
CVE-2022-28753 Published on August 11, 2022

Zoom On-Premise Deployments: Improper Access Control Vulnerability
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.

NVD

Vulnerability Analysis

CVE-2022-28753 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2022-28753 has been classified to as an Authorization vulnerability or weakness.


Products Associated with CVE-2022-28753

Want to know whenever a new CVE is published for Zoom Meeting Connector? stack.watch will email you.

Zoom Meeting Connector
 

Affected Versions

Zoom Video Communications Inc Zoom On-Premise Meeting Connector MMR:

Exploit Probability

EPSS
0.16%
Percentile
36.31%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.