Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Zoom Rooms for Conference Room for Windows by Zoom Video Communications Inc

    CVE-2022-22786 (GCVE-0-2022-22786)

    Vulnerability from nvd – Published: 2022-05-18 15:42 – Updated: 2026-06-02 13:47
    VLAI
    Title
    Update package downgrade in Zoom Client for Meetings for Windows
    Summary
    The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use of Less Trusted Source
    Assigner
    References
    Date Public
    2022-05-17 00:00
    Credits
    Ivan Fratric of Google Project Zero
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-22786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T13:47:39.147349Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T13:47:48.410Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Zoom Client for Meetings for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom Rooms for Conference Room for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ivan Fratric of Google Project Zero"
            }
          ],
          "datePublic": "2022-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Less Trusted Source",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T15:42:46.000Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Update package downgrade in Zoom Client for Meetings for Windows",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "Zoom Video Communications Inc",
              "ASSIGNER": "security@zoom.us",
              "DATE_PUBLIC": "2022-05-17T12:00:00.000Z",
              "ID": "CVE-2022-22786",
              "STATE": "PUBLIC",
              "TITLE": "Update package downgrade in Zoom Client for Meetings for Windows"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Zoom Client for Meetings for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom Rooms for Conference Room for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zoom Video Communications Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Ivan Fratric of Google Project Zero"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Less Trusted Source"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://explore.zoom.us/en/trust/security/security-bulletin",
                  "refsource": "MISC",
                  "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
                }
              ]
            },
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2022-22786",
        "datePublished": "2022-05-18T15:42:46.414Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2026-06-02T13:47:48.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-22782 (GCVE-0-2022-22782)

    Vulnerability from nvd – Published: 2022-04-28 15:00 – Updated: 2024-09-17 02:37
    VLAI
    Title
    Local privilege escalation in Windows Zoom Clients
    Summary
    The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine.
    CWE
    • Incorrect Privilege Assignment
    Assigner
    References
    Date Public
    2022-04-27 00:00
    Credits
    Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Zoom Client for Meetings for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom Rooms for Conference Room for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom Plugins for Microsoft Outlook for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom VDI Windows Meeting Clients",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Zero Day Initiative"
            }
          ],
          "datePublic": "2022-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-28T15:00:14.000Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Local privilege escalation in Windows Zoom Clients",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "Zoom Video Communications Inc",
              "ASSIGNER": "security@zoom.us",
              "DATE_PUBLIC": "2022-04-27T12:00:00.000Z",
              "ID": "CVE-2022-22782",
              "STATE": "PUBLIC",
              "TITLE": "Local privilege escalation in Windows Zoom Clients"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Zoom Client for Meetings for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom Rooms for Conference Room for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom Plugins for Microsoft Outlook for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom VDI Windows Meeting Clients",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zoom Video Communications Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Zero Day Initiative"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Privilege Assignment"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
                  "refsource": "MISC",
                  "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
                }
              ]
            },
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2022-22782",
        "datePublished": "2022-04-28T15:00:14.188Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:37:08.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22786 (GCVE-0-2022-22786)

    Vulnerability from cvelistv5 – Published: 2022-05-18 15:42 – Updated: 2026-06-02 13:47
    VLAI
    Title
    Update package downgrade in Zoom Client for Meetings for Windows
    Summary
    The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use of Less Trusted Source
    Assigner
    References
    Date Public
    2022-05-17 00:00
    Credits
    Ivan Fratric of Google Project Zero
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-22786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T13:47:39.147349Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T13:47:48.410Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Zoom Client for Meetings for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom Rooms for Conference Room for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ivan Fratric of Google Project Zero"
            }
          ],
          "datePublic": "2022-05-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Less Trusted Source",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T15:42:46.000Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Update package downgrade in Zoom Client for Meetings for Windows",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "Zoom Video Communications Inc",
              "ASSIGNER": "security@zoom.us",
              "DATE_PUBLIC": "2022-05-17T12:00:00.000Z",
              "ID": "CVE-2022-22786",
              "STATE": "PUBLIC",
              "TITLE": "Update package downgrade in Zoom Client for Meetings for Windows"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Zoom Client for Meetings for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom Rooms for Conference Room for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zoom Video Communications Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Ivan Fratric of Google Project Zero"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Less Trusted Source"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://explore.zoom.us/en/trust/security/security-bulletin",
                  "refsource": "MISC",
                  "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
                }
              ]
            },
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2022-22786",
        "datePublished": "2022-05-18T15:42:46.414Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2026-06-02T13:47:48.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-22782 (GCVE-0-2022-22782)

    Vulnerability from cvelistv5 – Published: 2022-04-28 15:00 – Updated: 2024-09-17 02:37
    VLAI
    Title
    Local privilege escalation in Windows Zoom Clients
    Summary
    The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine.
    CWE
    • Incorrect Privilege Assignment
    Assigner
    References
    Date Public
    2022-04-27 00:00
    Credits
    Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.155Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Zoom Client for Meetings for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom Rooms for Conference Room for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom Plugins for Microsoft Outlook for Windows",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.10.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Zoom VDI Windows Meeting Clients",
              "vendor": "Zoom Video Communications Inc",
              "versions": [
                {
                  "lessThan": "5.9.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Zero Day Initiative"
            }
          ],
          "datePublic": "2022-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-28T15:00:14.000Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "Local privilege escalation in Windows Zoom Clients",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "Zoom Video Communications Inc",
              "ASSIGNER": "security@zoom.us",
              "DATE_PUBLIC": "2022-04-27T12:00:00.000Z",
              "ID": "CVE-2022-22782",
              "STATE": "PUBLIC",
              "TITLE": "Local privilege escalation in Windows Zoom Clients"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Zoom Client for Meetings for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom Rooms for Conference Room for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom Plugins for Microsoft Outlook for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.10.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Zoom VDI Windows Meeting Clients",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.9.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zoom Video Communications Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Zero Day Initiative"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Privilege Assignment"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
                  "refsource": "MISC",
                  "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
                }
              ]
            },
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2022-22782",
        "datePublished": "2022-04-28T15:00:14.188Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:37:08.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }