- 03/2023
- High
Zoom has released security updates to fix vulnerabilities in multiple products.
the addressed vulnerabilities could allow the locally authenticated attacker to gain elevated privileges, bypass security restrictions, or traverse directories on the system.
Samples of the addressed vulnerabilities:
1. Zoom Rooms for macOS Privilege Escalation (CVE-2022-36926):
• CVSS: 8.8
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Consequences: Gain Privileges
2. Zoom Rooms for Windows Installers Privilege Escalation (CVE-2022-36930):
• CVSS: 8.2
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: Required
• Consequences: Gain Privilege
Sample of the affected products:
• Zoom Rooms for Windows clients before version 5.13.0.
• Zoom for Android clients before version 5.13.0.
• Zoom Rooms for macOS before version 5.11.4.
Vulnerabilities
- CVE-2022-36925
- CVE-2022-36926
- CVE-2022-36927
- CVE-2022-36928
- CVE-2022-36929
- CVE-2022-36930
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.