CVE-2022-22782

{"id": "CVE-2022-22782", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security@zoom.us", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 1.5}]}, "published": "2022-04-28T15:15:09.847", "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/", "tags": ["Vendor Advisory"], "source": "security@zoom.us"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user\u2019s host machine."}, {"lang": "es", "value": "Zoom Client for Meetings para Windows versiones anteriores a 5.9.7, Zoom Rooms for Conference Room para Windows versiones anteriores a 5.10.0, Zoom Plugins for Microsoft Outlook para Windows versiones anteriores a 5.10.3 y Zoom VDI Windows Meeting Clients versiones anteriores a 5.9.6; eran susceptibles de un problema de escalada de privilegios local durante la operaci\u00f3n de reparaci\u00f3n del instalador. Un actor malicioso podr\u00eda usar esto para eliminar potencialmente archivos o carpetas a nivel de sistema, causando problemas de integridad o disponibilidad en la m\u00e1quina anfitriona del usuario"}], "lastModified": "2023-08-08T14:21:49.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "AF4B3DA9-D93E-40A5-A0F6-7B8AC937E044", "versionEndExcluding": "5.9.7"}, {"criteria": "cpe:2.3:a:zoom:rooms_for_conference_rooms:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "384AE73D-2B3A-48EE-BA60-E01AABAE69E5", "versionEndExcluding": "5.10.0"}, {"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB73D24B-5FA0-4009-B13A-C45017BECB84", "versionEndExcluding": "5.9.6"}, {"criteria": "cpe:2.3:a:zoom:zoom_plugin_for_microsoft_outlook:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "99EC22EC-05B3-41D1-BC6D-20A0B1810CD1", "versionEndExcluding": "5.10.3"}], "operator": "OR"}]}], "sourceIdentifier": "security@zoom.us"}