The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname…
Zoom·CWE-295·Published 2022-05-18
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services.
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services.
Zoom Client for Meetings (para Android, iOS, Linux, macOS y Windows) anterior a la versión 5.10.0 no comprueba correctamente el nombre de host durante una petición de cambio de servidor. Este problema podría usarse en un ataque más sofisticado para engañar a un cliente de usuario desprevenido para que sea conectado a un servidor malicioso cuando intente usar los servicios de Zoom
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.0 | 6.8 | 6.4 | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| 3.1 | Primary | NVD | 7.5 | 1.6 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 5.9 | — | — | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L |
| 3.1 | Primary | cve.org | 5.9 | — | — | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L |
| 3.1 | Secondary | NVD | 5.9 | 1.6 | 4.2 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L |