SB2022091355 - Unauthorized access to meetings in Zoom Meeting Connector

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2022-28758)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and obtain the audio and video feed of a meeting or cause other meeting disruptions.

2) Improper access control (CVE-ID: CVE-2022-28759)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and obtain the audio and video feed of a meeting or cause other meeting disruptions.

3) Improper access control (CVE-ID: CVE-2022-28760)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and join a meeting pretending to be another participant.

Remediation

Install update from vendor's website.

References

• https://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-22020
• https://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-22021