CRITICAL🇵🇱 Wersja polska

CVE-2022-28755

CVSS 9.6v3.1pub. 2022-08-11upd. 2024-11-21

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Zoom Virtual Desktop Infrastructure

    APP
    Zoom
    < 5.10.7
  • Zoom

    APP
    Zoom
    < 5.11.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-24691CRITICAL9.6PL ✓ten sam produkt

Privilege escalation w Zoom Desktop Client, VDI Client i Meeting SDK dla Windows

CVE-2023-39213CRITICAL9.6ten sam produkt

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15...

CVE-2023-39216CRITICAL9.6ten sam produkt

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user t...

CVE-2023-36534CRITICAL9.3ten sam produkt

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an...

CVE-2021-34423CRITICAL9.8ten sam produkt

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, an...