CVE-2022-22786

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to trick users into downgrading their Zoom client to a less secure version by exploiting improper version checking during updates. It affects Windows users running Zoom Client for Meetings or Zoom Rooms for Conference Room before version 5.10.0. Attackers could leverage this to install older versions with known vulnerabilities.

💻 Affected Systems

Products:
  • Zoom Client for Meetings
  • Zoom Rooms for Conference Room
Versions: Windows versions before 5.10.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows versions; macOS, Linux, and mobile versions are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could downgrade Zoom to a version with critical remote code execution vulnerabilities, gaining full control of the victim's computer.

🟠 Likely Case: Attackers trick users into installing older Zoom versions with known security flaws, potentially leading to data theft or malware installation.

🟢 If Mitigated: With proper patching and user awareness, the risk is limited to temporary disruption if users are tricked into downgrading but quickly update.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (tricking the user into installing a malicious update) and a sophisticated attack chain to be fully weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.10.0 and later

Vendor Advisory: https://explore.zoom.us/en/trust/security/security-bulletin

Restart Required: Yes

Instructions:

1. Open the Zoom client.
2. Click the profile picture.
3. Select 'Check for Updates'.
4. Install version 5.10.0 or newer.
5. Restart Zoom after installation.

🔧 Temporary Workarounds

Disable automatic updates (Windows)
  • What: Prevent automatic updates that could be malicious by disabling Zoom's update feature.
  • How: Not applicable as a command; configure through Zoom settings.

Require admin approval for updates (Windows)
  • What: Configure Windows to require administrator approval for Zoom updates.
  • How: Configure via Group Policy or Windows Settings.

🧯 If You Can't Patch

  • Implement network controls to block Zoom update servers except from trusted sources
  • Educate users to never install Zoom updates from unofficial sources or suspicious prompts

🔍 How to Verify

Check if Vulnerable:

Check the Zoom version in Settings > About. If the version is below 5.10.0, the system is vulnerable.

Check Version:

wmic product where "name like 'Zoom%'" get version

Verify Fix Applied:

Confirm Zoom version is 5.10.0 or higher in Settings > About.

📡 Detection & Monitoring

Log Indicators:

  • Zoom installation logs showing downgrade attempts
  • Windows Event Logs showing Zoom installation from unusual sources

Network Indicators:

  • Outbound connections to non-standard Zoom update servers
  • HTTP requests to download older Zoom versions

SIEM Query:

source="zoom*" AND (event="install" OR event="update") AND version<"5.10.0"
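Added example, not part of the original advisory: a small Python triage script that implements the two log indicators above (installs below the fixed release, and per-host downgrade sequences) over constructed sample install events. It compares versions as integer tuples, because a string comparison such as the `version<"5.10.0"` clause in the SIEM query above ranks "5.9.1" above "5.10.0" and would miss real findings.

```python
"""Flag Zoom installs below the 5.10.0 fix and per-host downgrade sequences."""
from collections import defaultdict

FIXED_VERSION = (5, 10, 0)  # first fixed release per the advisory

# Constructed sample install events, not real telemetry:
# (host, ISO-8601 timestamp, action, installed version)
SAMPLE_EVENTS = [
    ("ws-01", "2022-05-01T09:00:00Z", "install", "5.10.3"),
    ("ws-01", "2022-05-02T14:12:00Z", "update", "5.4.6"),    # downgrade
    ("ws-02", "2022-05-01T09:05:00Z", "install", "5.9.1"),   # below fix
    ("ws-02", "2022-05-03T10:00:00Z", "update", "5.10.3"),   # remediated
    ("ws-03", "2022-05-01T09:10:00Z", "install", "5.11.0"),
]


def parse_version(text):
    """'5.10.3' -> (5, 10, 3); raises ValueError on malformed input."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad version string: {text!r}")
    return tuple(int(p) for p in parts)


def analyze(events):
    """Return findings as (host, timestamp, kind, raw_version) tuples."""
    findings = []
    by_host = defaultdict(list)
    for host, ts, action, raw in events:
        if action in ("install", "update"):
            by_host[host].append((ts, parse_version(raw), raw))
    for host, rows in by_host.items():
        rows.sort()  # chronological; ISO-8601 timestamps sort lexically
        last = None
        for ts, ver, raw in rows:
            if ver < FIXED_VERSION:
                findings.append((host, ts, "below_fixed_version", raw))
            if last is not None and ver < last:
                findings.append((host, ts, "downgrade", raw))
            last = ver
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(*finding)
```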
