CVE-2022-22787 - OpenCVE

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Zoom	Meetings

Configuration 1 [-]

OR	cpe:2.3:a:zoom:meetings::::::android::*
	cpe:2.3:a:zoom:meetings::::::iphone_os::*
	cpe:2.3:a:zoom:meetings::::::linux::*
	cpe:2.3:a:zoom:meetings::::::macos::*
	cpe:2.3:a:zoom:meetings::::::windows::*

References

Link	Resource
http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html	Third Party Advisory VDB Entry
https://explore.zoom.us/en/trust/security/security-bulletin	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Zoom

Published: 2022-05-17T00:00:00

Updated: 2022-05-24T19:06:09

Reserved: 2022-01-07T00:00:00

Link: CVE-2022-22787

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-18T17:15:08.630

Modified: 2022-05-27T15:19:45.147

Link: CVE-2022-22787

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"containers": {"cna": {"affected": [{"product": "Zoom Client for Meetings for Android", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.10.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Zoom Client for Meetings for iOS", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.10.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Zoom Client for Meetings for Linux", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.10.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Zoom Client for Meetings for MacOS", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.10.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Zoom Client for Meetings for Windows", "vendor": "Zoom Video Communications Inc", "versions": [{"lessThan": "5.10.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ivan Fratric of Google Project Zero"}], "datePublic": "2022-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Improper Input Validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-24T19:06:09", "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html"}], "source": {"discovery": "USER"}, "title": "Insufficient hostname validation during Clusterswitch message in Zoom Client for Meetings", "x_legacyV4Record": {"CVE_data_meta": {"AKA": "Zoom Video Communications Inc", "ASSIGNER": "security@zoom.us", "DATE_PUBLIC": "2022-05-17T12:00:00.000Z", "ID": "CVE-2022-22787", "STATE": "PUBLIC", "TITLE": "Insufficient hostname validation during Clusterswitch message in Zoom Client for Meetings"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zoom Client for Meetings for Android", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "5.10.0"}]}}, {"product_name": "Zoom Client for Meetings for iOS", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "5.10.0"}]}}, {"product_name": "Zoom Client for Meetings for Linux", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "5.10.0"}]}}, {"product_name": "Zoom Client for Meetings for MacOS", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "5.10.0"}]}}, {"product_name": "Zoom Client for Meetings for Windows", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "", "version_value": "5.10.0"}]}}]}, "vendor_name": "Zoom Video Communications Inc"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Ivan Fratric of Google Project Zero"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services."}]}, "exploit": [], "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://explore.zoom.us/en/trust/security/security-bulletin", "refsource": "CONFIRM", "url": "https://explore.zoom.us/en/trust/security/security-bulletin"}, {"name": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html"}]}, "solution": [], "source": {"advisory": "", "defect": [], "discovery": "USER"}, "work_around": []}}}, "cveMetadata": {"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "cveId": "CVE-2022-22787", "datePublished": "2022-05-17T00:00:00", "dateReserved": "2022-01-07T00:00:00", "dateUpdated": "2022-05-24T19:06:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*", "matchCriteriaId": "257325E7-C897-49A8-8F82-7AF256A356C5", "versionEndExcluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "E22CE428-4C2A-4D98-A05C-0DC947511A82", "versionEndExcluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*", "matchCriteriaId": "BB3D750A-6070-43B9-8D2F-0BF840FAEAAE", "versionEndExcluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*", "matchCriteriaId": "AD42820E-D045-4AE0-8A35-9B4E3007B71A", "versionEndExcluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*", "matchCriteriaId": "DDF53A4B-7533-4DDA-9BEF-C803127FEDDD", "versionEndExcluding": "5.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services."}, {"lang": "es", "value": "Zoom Client for Meetings (para Android, iOS, Linux, macOS y Windows) anterior a la versi\u00f3n 5.10.0 no comprueba correctamente el nombre de host durante una petici\u00f3n de cambio de servidor. Este problema podr\u00eda usarse en un ataque m\u00e1s sofisticado para enga\u00f1ar a un cliente de usuario desprevenido para que sea conectado a un servidor malicioso cuando intente usar los servicios de Zoom"}], "id": "CVE-2022-22787", "lastModified": "2022-05-27T15:19:45.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "security@zoom.us", "type": "Secondary"}]}, "published": "2022-05-18T17:15:08.630", "references": [{"source": "security@zoom.us", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html"}, {"source": "security@zoom.us", "tags": ["Vendor Advisory"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}