Skip to main content

CVE-2022-28759: CWE-284 Improper Access Control in Zoom Video Communications Inc Zoom On-Premise Meeting Connector MMR

High
VulnerabilityCVE-2022-28759cvecve-2022-28759cwe-284
Published: Fri Oct 14 2022 (10/14/2022, 14:51:20 UTC)
Source: CVE
Vendor/Project: Zoom Video Communications Inc
Product: Zoom On-Premise Meeting Connector MMR

Description

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.

AI-Powered Analysis

AILast updated: 07/06/2025, 15:11:50 UTC

Technical Analysis

CVE-2022-28759 is a high-severity vulnerability affecting Zoom Video Communications Inc's Zoom On-Premise Meeting Connector MMR component prior to version 4.8.20220815.130. The vulnerability is categorized under CWE-284, which pertains to improper access control. Specifically, this flaw allows an unauthorized malicious actor to bypass access restrictions and obtain the audio and video feeds of meetings they are not authorized to join. Additionally, the attacker could cause disruptions to ongoing meetings. The vulnerability has a CVSS 3.1 base score of 8.2, indicating a high level of severity. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) shows that the attack can be performed remotely over the network without any privileges or user interaction, with high impact on confidentiality, limited impact on integrity, and no impact on availability. The vulnerability affects on-premise deployments of Zoom Meeting Connector MMR, which is used by organizations to host Zoom meetings within their own infrastructure rather than relying on Zoom's cloud services. This setup is often chosen by enterprises with strict data privacy or regulatory requirements. The improper access control likely stems from insufficient authentication or authorization checks in the Meeting Connector software, allowing attackers to intercept or eavesdrop on meeting media streams and interfere with meeting operations. Although no known exploits have been reported in the wild, the ease of exploitation and the sensitive nature of the data exposed make this a critical concern for organizations using affected versions. The lack of a patch link in the provided data suggests that organizations should verify they are running the fixed version 4.8.20220815.130 or later to mitigate this risk.

Potential Impact

For European organizations, this vulnerability poses significant risks to confidentiality and privacy, especially given the sensitive nature of audio and video communications in corporate, governmental, and healthcare sectors. Unauthorized access to meeting feeds could lead to leakage of confidential business information, intellectual property, or personal data, potentially violating GDPR and other data protection regulations. The ability to disrupt meetings could also impact operational continuity and trust in communication systems. Organizations relying on on-premise Zoom Meeting Connector deployments for compliance or data sovereignty reasons are particularly at risk, as attackers could exploit this flaw remotely without authentication or user interaction. This could lead to espionage, reputational damage, regulatory penalties, and financial losses. The vulnerability's impact is amplified in sectors with high confidentiality requirements such as finance, legal, government, and critical infrastructure within Europe.

Mitigation Recommendations

European organizations should immediately verify the version of their Zoom On-Premise Meeting Connector MMR deployment and upgrade to version 4.8.20220815.130 or later, where this vulnerability is addressed. If upgrading is not immediately feasible, organizations should restrict network access to the Meeting Connector to trusted internal networks and VPNs only, minimizing exposure to external attackers. Implement strict network segmentation and firewall rules to limit access to the Meeting Connector servers. Additionally, enable and enforce strong authentication and authorization policies for meeting access, including multi-factor authentication where possible, to reduce the risk of unauthorized access. Monitor meeting logs and network traffic for unusual access patterns or disruptions that could indicate exploitation attempts. Regularly review and update incident response plans to include scenarios involving unauthorized meeting access or disruption. Finally, maintain close coordination with Zoom's security advisories and apply patches promptly when released.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Zoom
Date Reserved
2022-04-06T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fb1484d88663aec9e1

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 3:11:50 PM

Last updated: 8/6/2025, 6:06:09 AM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats