Zoom Client 5.12.0 macOS Debug Port Misconfig in Zoom App API
CVE-2022-28762 Published on October 14, 2022

Debugging port misconfiguration in Zoom Apps in the Zoom Client for Meetings for macOS
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.

NVD

Vulnerability Analysis

CVE-2022-28762 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
LOW

Weakness Type

Configuration

Weaknesses in this category are typically introduced during the configuration of the software.


Products Associated with CVE-2022-28762

Want to know whenever a new CVE is published for Zoom Meetings? stack.watch will email you.

Zoom Meetings
 

Affected Versions

Zoom Video Communications Inc Zoom Client for Meetings for MacOS:

Exploit Probability

EPSS
0.18%
Percentile
38.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.