CVE-2022-28753: Zoom On-Premise Deployments: Improper Access Control Vulnerability
First published: Thu Aug 11 2022(Updated: )
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meeting Connector | <4.8.129.20220714 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-28753?
CVE-2022-28753 is classified as a medium severity vulnerability due to improper access control affecting the Zoom On-Premise Meeting Connector.
How do I fix CVE-2022-28753?
To fix CVE-2022-28753, update your Zoom On-Premise Meeting Connector to version 4.8.129.20220714 or later.
What does CVE-2022-28753 allow an attacker to do?
CVE-2022-28753 allows an attacker to join a meeting without appearing to other participants, compromising meeting security.
Which versions of Zoom Meeting Connector are affected by CVE-2022-28753?
Versions of Zoom Meeting Connector prior to 4.8.129.20220714 are affected by CVE-2022-28753.
Is there a workaround for CVE-2022-28753?
There are no known workarounds for CVE-2022-28753 other than upgrading to the latest version.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/title
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/zoom
- canonical/zoom meeting connector