CVE-2022-28762: Debugging port misconfiguration in Zoom Apps in the Zoom Client for Meetings for macOS
First published: Fri Oct 14 2022(Updated: )
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meetings | >=5.10.6<5.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Zoom macOS vulnerability?
The vulnerability ID for this Zoom macOS vulnerability is CVE-2022-28762.
What is the severity of CVE-2022-28762?
The severity of CVE-2022-28762 is high with a severity value of 7.8.
Which version of Zoom Client for Meetings for macOS is affected by CVE-2022-28762?
Zoom Client for Meetings for macOS versions starting from 5.10.6 and prior to 5.12.0 are affected by CVE-2022-28762.
What is the issue in Zoom Client for Meetings for macOS that leads to CVE-2022-28762?
The issue in Zoom Client for Meetings for macOS that leads to CVE-2022-28762 is a debugging port misconfiguration.
How can I fix CVE-2022-28762?
To fix CVE-2022-28762, update Zoom Client for Meetings for macOS to version 5.12.0 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/title
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- vendor/zoom
- canonical/zoom meetings
- version/zoom meetings/5.10.6