Rewterz Threat Advisory – CVE-2022-28752 – Zoom Rooms for Conference Room Windows Vulnerability
August 12, 2022Rewterz Threat Advisory – Zimbra Collaboration And Zimbra Collaboration Suite (ZCS) Vulnerabilities – Exploit in the Wild
August 12, 2022Rewterz Threat Advisory – CVE-2022-28752 – Zoom Rooms for Conference Room Windows Vulnerability
August 12, 2022Rewterz Threat Advisory – Zimbra Collaboration And Zimbra Collaboration Suite (ZCS) Vulnerabilities – Exploit in the Wild
August 12, 2022Severity
High
Analysis Summary
CVE-2022-28754 CVSS:
Zoom On-Premise Meeting Connector MMR could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request, an attacker could exploit this vulnerability to become host in a meeting without appearing to the other participants, and cause other meeting disruptions.
CVE-2022-28753 CVSS:7.1
Zoom On-Premise Meeting Connector MMR could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request, an attacker could exploit this vulnerability to become host in a meeting without appearing to the other participants, and cause other meeting disruptions.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-28754
- CVE-2022-28753
Affected Vendors
- Zoom
Affected Products
Zoom On-Premise Meeting Connector MMR 4.8
Remediation
Refer to Zoom Security Advisory for patch, upgrade or suggested workaround information.