CVE-2022-22787: Insufficient hostname validation during Clusterswitch message in Zoom Client for Meetings
First published: Wed May 18 2022(Updated: )
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meetings | <5.10.0 | |
| Zoom Meetings | <5.10.0 | |
| Zoom Meetings | <5.10.0 | |
| Zoom Meetings | <5.10.0 | |
| Zoom Meetings | <5.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-22787?
CVE-2022-22787 is a vulnerability in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 that fails to properly validate the hostname during a server switch request.
What is the severity of CVE-2022-22787?
CVE-2022-22787 has a severity level of 7.5, which is considered high.
How does CVE-2022-22787 affect Zoom Meetings?
CVE-2022-22787 affects Zoom Meetings for Android, iOS, Linux, macOS, and Windows before version 5.10.0.
How can CVE-2022-22787 be exploited?
CVE-2022-22787 can be exploited by tricking an unsuspecting user's Zoom client to connect to a malicious server during a server switch request.
Is there a fix for CVE-2022-22787?
Yes, the fix for CVE-2022-22787 is to update Zoom Meetings to version 5.10.0 or later.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/zoom
- canonical/zoom meetings