CVE-2022-28759 is a high-severity vulnerability affecting Zoom Video Communications Inc's Zoom On-Premise Meeting Connector MMR component prior to version 4.8.20220815.130. The vulnerability is categorized under CWE-284, which pertains to improper access control. Specifically, this flaw allows an unauthorized malicious actor to bypass access restrictions and obtain the audio and video feeds of meetings they are not authorized to join. Additionally, the attacker could cause disruptions to ongoing meetings. The vulnerability has a CVSS 3.1 base score of 8.2, indicating a high level of severity. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) shows that the attack can be performed remotely over the network without any privileges or user interaction, with high impact on confidentiality, limited impact on integrity, and no impact on availability. The vulnerability affects on-premise deployments of Zoom Meeting Connector MMR, which is used by organizations to host Zoom meetings within their own infrastructure rather than relying on Zoom's cloud services. This setup is often chosen by enterprises with strict data privacy or regulatory requirements. The improper access control likely stems from insufficient authentication or authorization checks in the Meeting Connector software, allowing attackers to intercept or eavesdrop on meeting media streams and interfere with meeting operations. Although no known exploits have been reported in the wild, the ease of exploitation and the sensitive nature of the data exposed make this a critical concern for organizations using affected versions. The lack of a patch link in the provided data suggests that organizations should verify they are running the fixed version 4.8.20220815.130 or later to mitigate this risk.

For European organizations, this vulnerability poses significant risks to confidentiality and privacy, especially given the sensitive nature of audio and video communications in corporate, governmental, and healthcare sectors. Unauthorized access to meeting feeds could lead to leakage of confidential business information, intellectual property, or personal data, potentially violating GDPR and other data protection regulations. The ability to disrupt meetings could also impact operational continuity and trust in communication systems. Organizations relying on on-premise Zoom Meeting Connector deployments for compliance or data sovereignty reasons are particularly at risk, as attackers could exploit this flaw remotely without authentication or user interaction. This could lead to espionage, reputational damage, regulatory penalties, and financial losses. The vulnerability's impact is amplified in sectors with high confidentiality requirements such as finance, legal, government, and critical infrastructure within Europe.

European organizations should immediately verify the version of their Zoom On-Premise Meeting Connector MMR deployment and upgrade to version 4.8.20220815.130 or later, where this vulnerability is addressed. If upgrading is not immediately feasible, organizations should restrict network access to the Meeting Connector to trusted internal networks and VPNs only, minimizing exposure to external attackers. Implement strict network segmentation and firewall rules to limit access to the Meeting Connector servers. Additionally, enable and enforce strong authentication and authorization policies for meeting access, including multi-factor authentication where possible, to reduce the risk of unauthorized access. Monitor meeting logs and network traffic for unusual access patterns or disruptions that could indicate exploitation attempts. Regularly review and update incident response plans to include scenarios involving unauthorized meeting access or disruption. Finally, maintain close coordination with Zoom's security advisories and apply patches promptly when released.