CVE-2022-28768
EUVD-2022-3320717.11.2022, 23:15
The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| zoom | meetings | 𝑥 < 5.12.6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-689 - Permission Race Condition During Resource CopyThe product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.