Zoom Client Installer macOS LPE before v5.12.6
CVE-2022-28768 Published on November 17, 2022

Local Privilege Escalation in Zoom Client Installer for macOS
The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root.

NVD

Vulnerability Analysis

CVE-2022-28768 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Permission Race Condition During Resource Copy

The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.


Products Associated with CVE-2022-28768

Want to know whenever a new CVE is published for Zoom Meetings? stack.watch will email you.

Zoom Meetings
 

Affected Versions

Zoom Video Communications Inc Zoom Client for Meetings Installer for macOS (Standard and for IT Admin):

Exploit Probability

EPSS
0.03%
Percentile
8.72%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.