Unauthenticated Meeting Join Vulnerability in Zoom On-Premise Meeting Connector

Unauthenticated Meeting Join Vulnerability in Zoom On-Premise Meeting Connector

CVE-2022-28749 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host.

Learn more about our Web Application Penetration Testing UK.