CVE-2022-36925
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Summary
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms for macOS | unspecified < 5.11.4 | affected |
Weaknesses
- CWE-321: CWE-321: Use of Hard-coded Cryptographic Key
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.