CVE-2022-22785
Published: 18 May 2022
Summary
CVE-2022-22785 is a medium-severity Reliance on Cookies without Validation and Integrity Checking (CWE-565) vulnerability in Zoom Meetings. Its CVSS base score is 5.9 (Medium).
Operationally, it is ranked at the 39.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27928
Vulnerability details
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting user's Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.