CVE-2022-36925 — MEDIUM (4.4)

Q: How severe is CVE-2022-36925?

CVE-2022-36925 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-36925?

Check the references section above for vendor advisories and patch information. Affected products include: Zoom Rooms.

Vulnerability Description

Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Zoom	Rooms	< 5.11.4

Related Weaknesses (CWE)

CWE-321 CWE-798

References

https://explore.zoom.us/en/trust/security/security-bulletin/Vendor Advisory
https://explore.zoom.us/en/trust/security/security-bulletin/Vendor Advisory

FAQ

What is CVE-2022-36925?

CVE-2022-36925 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was gen...

How severe is CVE-2022-36925?

CVE-2022-36925 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-36925?

Check the references section above for vendor advisories and patch information. Affected products include: Zoom Rooms.