cyberSecurist Technologies

Summary

Zoom has called for CVE-2022-28763 calling it 'Improper URL parsing in Zoom clients'. According to the advisory, the Zoom clients for meetings (for Android, iOS, Linux, Windows, macOS) before version 5.12.2 are vulnerable to a URL parsing vulnerability which allows the attacker to craft a malicious Zoom meeting URL, and when the victim opens the malicious URL, the link may direct the user to connect to an arbitary network address. Adding to this attack, the attacker may then takeover user accounts. This vulnerability is marked as having a excessive severity with a CVSS score of 8.8.

Since there's no public information available for the exploits available. From the Zoom meeting URL (Zoom meeting URL: https://company.zoom.us/j/8712893421?pwd=ajjApne073uDJUnadEDdEm93D&from=sender), it seems like one of the parameter was vulnerable or some parameter that was hidden has been exploited. On further research, we found that a similar vulnerability (CVE-2022-28755) was discovered earlier in Sept 2022 by the Zoom security team. From the view of it, it seems the previous vulnerability was fixed partially.

Also it's worth noting that there's no information released or mentioned in the advisory by Zoom on browser based conferences.

Suggestion

Since no information is available for browser based meetings, no remarks can be made. For users using Zoom client (for Android, iOS, Linux, Windows, macOS), you should update it to latest version (5.12.3 & above) that could be downloaded from https://zoom.us/support/download

CVEs

CVE-2022-28763

Affected Versions

Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2
Zoom VDI Windows Meeting Clients before version 5.12.2
Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2

Related CVEs

CWE-20, CWE-601

Resources

Authors: Narendra Kumawat, Mahesh Saptarshi

For more information contact:contact@cybersecurist.com