Vulnerability Description
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting user's client into connecting to a malicious server when attempting to use Zoom services.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zoom | Meetings | < 5.10.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Co (Third Party Advisory, VDB Entry)
- https://explore.zoom.us/en/trust/security/security-bulletin (Vendor Advisory)
FAQ
What is CVE-2022-22787?
CVE-2022-22787 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a m...
How severe is CVE-2022-22787?
CVE-2022-22787 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-22787?
Check the references section above for vendor advisories and patch information. Affected products include: Zoom Meetings.