CVE-2022-28757

Summary

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications IncZoom Client for Meetings for MacOSnext of 5.7.3 < unspecifiedaffected
Zoom Video Communications IncZoom Client for Meetings for MacOSunspecified < 5.11.6affected

Weaknesses

  • CWE-345: CWE-345 Insufficient Verification of Data Authenticity

ADP Enrichment

CVE Program Container

Additional References

References