Three vulnerabilities in Zoom Client and Zoom Rooms allow a local attacker to gain root or SYSTEM privileges on the machine

Zoom has disclosed three security flaws that can give a local, low-privileged user root or SYSTEM privileges, or the ability to run malicious code in the context of the Zoom client. Two of them, CVE-2022-28768 and CVE-2022-36924, are high-severity local privilege escalation vulnerabilities in the installers that could ultimately lead to full control of the affected system.

CVE-2022-28768

Severity: High

CVSS Score: 8.8

CVE-2022-28768 (CVSS score of 8.8) lies in the installer: a local low-privileged user could exploit it during the install process to escalate their privileges to root.

Affected Products: Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6

CVE-2022-36924

Severity: High

CVSS Score: 8.8

CVE-2022-36924 (CVSS score of 8.8) is the Windows counterpart: a local low-privileged user could exploit it during the install process to escalate their privileges to SYSTEM.

Affected Products: Zoom Rooms Installer for Windows before version 5.12.

CVE-2022-28766

Severity: High

CVSS Score: 8.1

CVE-2022-28766 (CVSS score of 8.1) is a DLL injection vulnerability affecting the Windows 32-bit builds of Zoom Client for Meetings before version 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6. It can let a local low-privileged user run arbitrary code in the context of the Zoom client. The 64-bit Windows builds are not listed as affected.

Affected Products:

  • Zoom Client for Meetings for Windows (32-bit) prior to 5.12.6
  • Zoom VDI Windows Meeting Client for Windows (32-bit) prior to 5.12.6
  • Zoom Rooms for Conference Room for Windows (32-bit) prior to 5.12.6

Users can protect themselves by installing the latest updates or downloading the current Zoom release, which carries all of the security fixes above. Two of the three flaws are in the installers rather than in the installed client, so the exposure is running an old installer package: obtain the installer from Zoom and confirm it is version 5.12.6 or later before deploying it. CVE-2022-28766 applies only to the 32-bit Windows builds listed above.
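As an added example (not Zoom's code and not part of the original advisory), the script below checks an inventory of installed Zoom builds against the fixed versions listed above and reports which hosts still need the patched release. The product keys, the inventory rows and the hostnames are constructed for illustration; the fixed versions are the ones the article gives. The main thing it demonstrates is comparing versions numerically, since a plain string comparison sorts "5.9.3" after "5.12.6" and would miss a vulnerable build.

```python
"""Added example (not Zoom's code): flag installed Zoom builds that fall
below the fixed versions listed in the advisories above.

The product keys are made up for this example; the fixed versions are
taken from the article; the inventory is constructed sample data."""
import re
from typing import Dict, List, Tuple

# Fixed version per product, as given in the article, with the CVE it closes.
# The Zoom Rooms for Windows entry is recorded as the article states it (5.12).
FIXED_VERSIONS: Dict[str, Tuple[str, str]] = {
    "zoom-client-macos-installer": ("CVE-2022-28768", "5.12.6"),
    "zoom-rooms-windows-installer": ("CVE-2022-36924", "5.12"),
    "zoom-client-windows-32bit": ("CVE-2022-28766", "5.12.6"),
    "zoom-vdi-windows-32bit": ("CVE-2022-28766", "5.12.6"),
    "zoom-rooms-conference-windows-32bit": ("CVE-2022-28766", "5.12.6"),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.12.6 (10137)' or '5.12.6' into (5, 12, 6).

    Tuples of ints compare numerically, so (5, 9, 3) < (5, 12, 6) as it
    should; comparing the raw strings would get this backwards.
    """
    match = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(product: str, installed: str) -> bool:
    """True if the installed build is older than the fixed version."""
    _cve, fixed = FIXED_VERSIONS[product]
    return parse_version(installed) < parse_version(fixed)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """inventory rows are (hostname, product key, installed version).

    Returns (hostname, CVE) pairs for builds that still need the fix.
    Products outside FIXED_VERSIONS (e.g. the 64-bit Windows client, which
    the advisory does not list) are skipped rather than guessed at.
    """
    findings: List[Tuple[str, str]] = []
    for host, product, version in inventory:
        if product not in FIXED_VERSIONS:
            continue
        if is_affected(product, version):
            findings.append((host, FIXED_VERSIONS[product][0]))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
# mac-01 is the string-comparison trap: "5.9.3" > "5.12.6" as text.
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("mac-01", "zoom-client-macos-installer", "5.9.3 (5962)"),
    ("mac-02", "zoom-client-macos-installer", "5.12.6"),
    ("win-01", "zoom-client-windows-32bit", "5.12.2"),
    ("win-02", "zoom-client-windows-32bit", "5.13.0"),
    ("room-01", "zoom-rooms-windows-installer", "5.11.3"),
    ("win-03", "zoom-client-windows-64bit", "5.10.0"),  # not in scope here
]

if __name__ == "__main__":
    for host, cve in triage(SAMPLE_INVENTORY):
        print(f"{host}: still exposed to {cve}")
```

For the two installer flaws the version that matters is the installer package you are about to run, not only the client already on disk, so feed the script the installer's version as well. On macOS the installed client version can be read with `defaults read /Applications/zoom.us.app/Contents/Info.plist CFBundleShortVersionString` (assuming the default install path); on Windows, take it from the client's About dialog or your software inventory tool.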