CVE-2022-22782 - OpenCVE

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zoom	Meetings Rooms For Conference Rooms Vdi Windows Meeting Clients Zoom Plugin For Microsoft Outlook

Configuration 1 [-]

OR	cpe:2.3:a:zoom:meetings::::::windows::*
	cpe:2.3:a:zoom:rooms_for_conference_rooms::::::windows::*
	cpe:2.3:a:zoom:vdi_windows_meeting_clients::::::::
	cpe:2.3:a:zoom:zoom_plugin_for_microsoft_outlook::::::windows::*

No data.

References

Link	Providers
https://explore.zoom.us/en/trust/security/security-bulletin/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zoom

Published: 2022-04-28T15:00:14.188227Z

Updated: 2024-09-17T02:37:08.661Z

Reserved: 2022-01-07T00:00:00

Link: CVE-2022-22782

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-28T15:15:09.847

Modified: 2023-08-08T14:21:49.707

Link: CVE-2022-22782

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Zoom Client for Meetings for Windows", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.9.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Zoom Rooms for Conference Room for Windows", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.10.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Zoom Plugins for Microsoft Outlook for Windows", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.10.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Zoom VDI Windows Meeting Clients", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.9.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Zero Day Initiative"}], "datePublic": "2022-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Incorrect Privilege Assignment", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-28T15:00:14", "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "source": {"discovery": "USER"}, "title": "Local privilege escalation in Windows Zoom Clients", "x_legacyV4Record": {"CVE_data_meta": {"AKA": "Zoom Video Communications Inc", "ASSIGNER": "security@zoom.us", "DATE_PUBLIC": "2022-04-27T12:00:00.000Z", "ID": "CVE-2022-22782", "STATE": "PUBLIC", "TITLE": "Local privilege escalation in Windows Zoom Clients"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zoom Client for Meetings for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "5.9.7"}]}}, {"product_name": "Zoom Rooms for Conference Room for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "5.10.0"}]}}, {"product_name": "Zoom Plugins for Microsoft Outlook for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "5.10.3"}]}}, {"product_name": "Zoom VDI Windows Meeting Clients", "version": {"version_data": [{"version_affected": "<", "version_value": "5.9.6"}]}}]}, "vendor_name": "Zoom Video Communications Inc"}]}}, "credit": [{"lang": "eng", "value": "Zero Day Initiative"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Privilege Assignment"}]}]}, "references": {"reference_data": [{"name": "https://explore.zoom.us/en/trust/security/security-bulletin/", "refsource": "MISC", "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}]}, "source": {"discovery": "USER"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:21:49.155Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}]}]}, "cveMetadata": {"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "cveId": "CVE-2022-22782", "datePublished": "2022-04-28T15:00:14.188227Z", "dateReserved": "2022-01-07T00:00:00", "dateUpdated": "2024-09-17T02:37:08.661Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AF4B3DA9-D93E-40A5-A0F6-7B8AC937E044", "versionEndExcluding": "5.9.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:rooms_for_conference_rooms:*:*:*:*:*:windows:*:*", "matchCriteriaId": "384AE73D-2B3A-48EE-BA60-E01AABAE69E5", "versionEndExcluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB73D24B-5FA0-4009-B13A-C45017BECB84", "versionEndExcluding": "5.9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom_plugin_for_microsoft_outlook:*:*:*:*:*:windows:*:*", "matchCriteriaId": "99EC22EC-05B3-41D1-BC6D-20A0B1810CD1", "versionEndExcluding": "5.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."}, {"lang": "es", "value": "Zoom Client for Meetings para Windows versiones anteriores a 5.9.7, Zoom Rooms for Conference Room para Windows versiones anteriores a 5.10.0, Zoom Plugins for Microsoft Outlook para Windows versiones anteriores a 5.10.3 y Zoom VDI Windows Meeting Clients versiones anteriores a 5.9.6; eran susceptibles de un problema de escalada de privilegios local durante la operaci\u00f3n de reparaci\u00f3n del instalador. Un actor malicioso podr\u00eda usar esto para eliminar potencialmente archivos o carpetas a nivel de sistema, causando problemas de integridad o disponibilidad en la m\u00e1quina anfitriona del usuario"}], "id": "CVE-2022-22782", "lastModified": "2023-08-08T14:21:49.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 5.8, "source": "security@zoom.us", "type": "Secondary"}]}, "published": "2022-04-28T15:15:09.847", "references": [{"source": "security@zoom.us", "tags": ["Vendor Advisory"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}