CVE-2022-28761 is an improper access control vulnerability (CWE-284) found in Zoom Video Communications Inc's Zoom On-Premise Meeting Connector MMR prior to version 4.8.20220916.131. This vulnerability allows a malicious actor who is already authorized to join a meeting or webinar to disrupt the session by preventing other participants from receiving audio and video streams. The flaw lies in insufficient enforcement of access controls within the Meeting Connector component, which manages media relay for on-premise Zoom deployments. Exploitation does not require user interaction beyond joining the meeting, and the attacker must have at least participant-level privileges. The CVSS 3.1 base score is 6.5 (medium severity), with an attack vector of network (remote), low attack complexity, requiring privileges, no user interaction, unchanged scope, and high impact on confidentiality but no impact on integrity or availability. Although the vulnerability does not directly allow data modification or denial of service, the ability to block audio/video streams can severely disrupt communications and potentially leak sensitive information by interfering with meeting flow. No known exploits are currently reported in the wild, and no official patches or mitigation links were provided in the source data. This vulnerability specifically affects organizations using the Zoom On-Premise Meeting Connector MMR, which is typically deployed in enterprise or government environments requiring on-premises control over Zoom media traffic.

For European organizations, this vulnerability poses a risk primarily to the confidentiality and operational continuity of sensitive meetings conducted via Zoom's on-premise infrastructure. Disruption of audio and video streams can hinder communication in critical business, governmental, or healthcare meetings, potentially delaying decision-making or exposing organizations to operational risks. Confidentiality impact is high because the attacker can interfere with media streams, possibly enabling eavesdropping or selective disruption. While integrity and availability impacts are rated low, the disruption can cause reputational damage and loss of trust in secure communications. Organizations in sectors with strict data protection regulations such as GDPR may face compliance challenges if sensitive information is compromised or meetings are disrupted. The risk is heightened for entities relying heavily on on-premise Zoom deployments for secure internal communications, including financial institutions, public sector bodies, and multinational corporations with European operations.

European organizations should prioritize upgrading the Zoom On-Premise Meeting Connector MMR to version 4.8.20220916.131 or later, where this vulnerability is addressed. In the absence of immediate patches, organizations should restrict meeting participation to trusted users and enforce strict authentication and authorization policies to limit the presence of potentially malicious actors. Network segmentation and monitoring of meeting connector traffic can help detect anomalous behavior indicative of exploitation attempts. Additionally, organizations should consider implementing layered security controls such as endpoint security on participant devices and real-time meeting monitoring to quickly identify and respond to disruptions. Regular security audits of Zoom on-premise deployments and user access reviews will reduce the risk surface. Finally, educating users about the risks of unauthorized meeting access and encouraging reporting of unusual meeting behavior can aid early detection.