Vulnerability Description
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zoom | Meetings | < 5.9.7 |
| Zoom | Rooms For Conference Rooms | < 5.10.0 |
| Zoom | Vdi Windows Meeting Clients | < 5.9.6 |
| Zoom | Zoom Plugin For Microsoft Outlook | < 5.10.3 |
References
- https://explore.zoom.us/en/trust/security/security-bulletin/Vendor Advisory
- https://explore.zoom.us/en/trust/security/security-bulletin/Vendor Advisory
FAQ
What is CVE-2022-22782?
CVE-2022-22782 is a vulnerability with a CVSS score of 7.9 (HIGH). The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.1...
How severe is CVE-2022-22782?
CVE-2022-22782 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22782?
Check the references section above for vendor advisories and patch information. Affected products include: Zoom Meetings, Zoom Rooms For Conference Rooms, Zoom Vdi Windows Meeting Clients, Zoom Zoom Plugin For Microsoft Outlook.