CVE-2022-28753 : Security Advisory and Response

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 is vulnerable to an improper access control issue, allowing unauthorized access to meetings and disruptions. Learn how to mitigate.

Zoom On-Premise Deployments: Improper Access Control Vulnerability

Understanding CVE-2022-28753

This CVE refers to an improper access control vulnerability in Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714.

What is CVE-2022-28753?

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 is affected by an improper access control vulnerability. This allows a malicious actor to join authorized meetings without alerting other participants, escalate privileges, and potentially disrupt the meeting.

The Impact of CVE-2022-28753

The impact of this CVE is rated as high severity with a CVSS base score of 7.1. This vulnerability can result in unauthorized access to meetings, potential data breaches, and disruptions in meeting operations.

Technical Details of CVE-2022-28753

This section provides technical information about the vulnerability.

Vulnerability Description

The vulnerability in Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 allows malicious actors to join meetings undetected, escalate privileges, and disrupt meeting operations.

Affected Systems and Versions

Zoom On-Premise Meeting Connector MMR versions prior to 4.8.129.20220714 are affected by this vulnerability. Users of these versions are at risk of unauthorized access to meetings.

Exploitation Mechanism

Malicious actors can exploit this vulnerability by leveraging the improper access control issue in the Zoom On-Premise Meeting Connector MMR software, gaining unauthorized access to meetings and disrupting operations.

Mitigation and Prevention

To address CVE-2022-28753, users and organizations should take immediate steps and implement long-term security measures to protect their Zoom On-Premise Meeting Connector deployments.

Immediate Steps to Take

- Update Zoom On-Premise Meeting Connector MMR to version 4.8.129.20220714 or higher to patch the vulnerability.
- Monitor meeting participants for any unauthorized attendees.
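
To track the first step across several MMR hosts, the sketch below is an added example, not code from the advisory or from Zoom. It compares reported MMR versions against the fixed build 4.8.129.20220714 numerically, because a plain string comparison ranks 4.8.20 above 4.8.129. The host names and every version other than the fixed build are constructed, and it assumes the version strings come from your existing inventory tooling.

```python
import re

FIXED = "4.8.129.20220714"  # first fixed MMR build, taken from the advisory


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text, fixed=FIXED):
    """Return 'patched', 'vulnerable', or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable value: check this host by hand
    target = parse_version(fixed)
    # Pad the shorter tuple with zeros so "4.8.129" compares as 4.8.129.0.
    width = max(len(version), len(target))
    version += (0,) * (width - len(version))
    target += (0,) * (width - len(target))
    return "vulnerable" if version < target else "patched"


def audit(inventory):
    """Map each host in an iterable of (host, version) pairs to its status."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = [
    ("mmr-01.example.internal", "4.8.129.20220714"),
    ("mmr-02.example.internal", "4.8.102.20220310"),
    ("mmr-03.example.internal", "4.8.20.20211201"),  # string compare gets this wrong
    ("mmr-04.example.internal", "4.9.1.20230101"),
    ("mmr-05.example.internal", "n/a"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" should be treated as unpatched until their version is confirmed.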

Long-Term Security Practices

- Regularly update Zoom software to the latest versions to ensure security patches are applied promptly.
- Educate users on meeting security best practices, such as controlling access permissions.

Patching and Updates

Zoom Video Communications Inc. has released patches to address the improper access control vulnerability. Users are advised to apply the latest updates promptly.
