SB2022081814 - Improper access control in Zoom On-Premise Meeting Connector

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022081814

SB2022081814 - Improper access control in Zoom On-Premise Meeting Connector

Published: August 18, 2022

Security Bulletin ID SB2022081814
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2022-28753)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and join the meeting they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.


2) Improper access control (CVE-ID: CVE-2022-28754)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and join the meeting they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.


Remediation

Install update from vendor's website.

References