#VU73695 Man-in-the-Middle (MitM) attack in Zoom Video Communications, Inc. products - CVE-2023-22885


Vulnerability identifier: #VU73695

Vulnerability risk: Medium

CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-22885

CWE-ID: CWE-300

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Zoom Workplace Desktop App for Windows (Client/Desktop applications / Office applications)
Zoom Workplace Desktop App for macOS (Client/Desktop applications / Office applications)
Zoom Workplace Desktop App for Linux (Client/Desktop applications / Office applications)
Zoom Rooms for Windows (Client/Desktop applications / Office applications)
Zoom Workplace App for Android (Mobile applications / Apps for mobile phones)
Zoom Workplace App for iOS (Mobile applications / Apps for mobile phones)
Zoom Rooms for macOS (Client/Desktop applications / Messaging software)
Virtual Desktop Infrastructure (VDI) (Server applications / Conferencing, Collaboration and VoIP solutions)

Vendor: Zoom Video Communications, Inc.

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to the way the Zoom client handles SMB shares. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on a network adjacent to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker-controlled executables.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Zoom Workplace Desktop App for Windows: 5.0.0 23168.0427 - 5.13.4 11835

Zoom Workplace App for Android: 5.0.1 23478.0429 - 5.13.4 11364

Zoom Workplace Desktop App for macOS: 5.0.0 23186.0427 - 5.13.4 14461

Zoom Workplace Desktop App for Linux: 5.1.418436.0628 - 5.13.4 711

Zoom Workplace App for iOS: 5.0.0 23161.0427 - 5.13.4 6295

Zoom Rooms for Windows: 5.0.0 1420.0426 - 5.13.0 2301

Zoom Rooms for macOS: 5.0.0 2236.0426 - 5.13.0 2196

Virtual Desktop Infrastructure (VDI): 5.0.1 - 5.13.1


External links
https://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-23005


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

