Pierluigi Paganini
January 10, 2023
Zoom addressed four “high” severity vulnerabilities impacting its videoconferencing platform Zoom Rooms.
Below are the details for the bugs addressed by the company:
CVE-2022-36930 (CVSS Score 8.2) – Local Privilege Escalation in Rooms for Windows Installers.
The issue affects Rooms for Windows installers before version 5.13.0.
“A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.” reads the advisory published by the company.
CVE-2022-36929 – (CVSS Score 7.8) – Local Privilege Escalation in Rooms for Windows Clients.
The flaw affects Rooms for Windows clients before version 5.12.7. A local low-privileged user could exploit this vulnerability to escalate their privileges to the SYSTEM user.
CVE-2022-36926 – CVE-2022-36927 – (CVSS Score 8.8) – Local Privilege Escalation in Zoom Rooms for macOS Clients. The flaw affects Rooms for macOS clients before version 5.11.3. The issue can be exploited by a local low-privileged user to escalate their privileges to root.
The communications technology company also addressed two “Medium” severity bugs:
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Rooms)
[adrotate banner=”5″]
[adrotate banner=”13″]
