Vulnerabilites related to Zoom Video Communications Inc - Zoom Rooms for macOS
cve-2022-36925
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2024-08-03 10:14
Severity ?
EPSS score ?
Summary
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms for macOS |
Version: unspecified < 5.11.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:29.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms for macOS",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.11.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure key generation for Zoom Rooms for macOS Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-36925",
"datePublished": "2023-01-09T00:00:00",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:14:29.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36927
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2024-08-03 10:14
Severity ?
EPSS score ?
Summary
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms for macOS |
Version: unspecified < 5.11.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:29.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms for macOS",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Zoom Rooms for macOS Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-36927",
"datePublished": "2023-01-09T00:00:00",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:14:29.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36926
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2024-08-03 10:14
Severity ?
EPSS score ?
Summary
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms for macOS |
Version: unspecified < 5.11.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:29.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms for macOS",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Zoom Rooms for macOS Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-36926",
"datePublished": "2023-01-09T00:00:00",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:14:29.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}