CVE-2022-22784
moderate-risk
Published 2022-05-18
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context, causing the receiving user's client to perform a variety of actions. This issue could be used in a more sophisticated attack to forge XMPP messages from the server.
Do I need to act?
1.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.1/10
High
Attack vector: NETWORK / LOW complexity
Affected Vendors
References (2)
Vendor Advisory
https://explore.zoom.us/en/trust/security/security-bulletin
Risk score: 44 / 100 (moderate-risk)
Severity
28/34 · Critical
Exploitability
4/34 · Minimal
Exposure
12/34 · Low