Zoom On-Premise Meeting Connector Zone Controller (ZC) STUN Error Code Parsing Vulnerability

Zoom On-Premise Meeting Connector Zone Controller (ZC) STUN Error Code Parsing Vulnerability

CVE-2022-28750 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code.

Learn more about our Web Application Penetration Testing UK.