CVE-2022-28763: Zoom Client for Meetings URL Parsing Vulnerability - How It Works and How You Can Protect Yourself

Zoom has become an essential tool for remote work, online classes, and staying connected with friends and family during the COVID-19 pandemic. However, in this age of increased dependence on technology, the importance of cybersecurity cannot be stressed enough. Therefore, it's crucial to stay updated on the latest vulnerabilities affecting popular applications such as Zoom.

In this long read, we will delve into CVE-2022-28763, a URL parsing vulnerability affecting the Zoom Client for Meetings on various platforms, including Android, iOS, Linux, macOS, and Windows. We'll discuss the details of this exploit, provide code snippets, and share links to original references. We'll also provide tips on how you can protect yourself from this vulnerability.

Exploit Details

CVE-2022-28763 is a security vulnerability discovered in the Zoom Client for Meetings before version 5.12.2. The issue lies in the application's ability to parse meeting URLs. An attacker can exploit this vulnerability to craft a malicious Zoom meeting URL that, when opened, redirects the user to an arbitrary network address, potentially leading to additional attacks such as session takeovers.

The following snippet shows the shape of a URL that triggers the vulnerability:

https://zoom.us/j/<meeting_id>?pwd=<password>#@<arbitrary_network_address>

In this example, the <meeting_id>, <password>, and <arbitrary_network_address> placeholders should be replaced with the attacker's desired values. When a user clicks on this malicious link, their Zoom Client for Meetings will connect to the arbitrary network address specified by the attacker, thus putting the user's session at risk of being compromised.

Original References

1. CVE-2022-28763 Advisory: The official advisory detailing the vulnerability, its impact, and affected versions. This page also provides the official CVE identifier and score.
2. Zoom's Release Notes: The official Zoom release notes for version 5.12.2, where the vulnerability is addressed. Users are strongly encouraged to update their clients to this version or later.

To stay safe from this vulnerability, follow these steps:

1. Update Your Zoom Client: Ensure that your Zoom Client for Meetings is updated to version 5.12.2 or later. This is the essential step, as the vulnerability is fixed in these versions. To check your current version and update, follow Zoom's official update instructions.

2. Verify Meeting URLs: Always validate meeting URLs before clicking on them. If you receive a meeting link via email, text message, or any other communication method, make sure that the sender is trustworthy and that the URL appears legitimate. If you're unsure, contact the sender to confirm the link's validity.

3. Educate Your Team: If you manage a team or organization, ensure that your staff is aware of this vulnerability and the importance of updating their Zoom clients. Encourage them to verify meeting URLs and exercise caution when receiving links from external sources.
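Step 2 asks you to validate meeting links before opening them, and the URL pattern shown earlier illustrates why: a lenient parser can be steered to the text after an "@" instead of the host a reader sees. The following Python checker is an added example written for this article (it is not Zoom's code and does not reproduce the client's parser). It uses the standard library's urlsplit, which follows RFC 3986, to break a link into its parts and flags the properties a legitimate join link never has: a non-https scheme, a host outside zoom.us, userinfo before the host, or an "@" in the path, query or fragment. The trusted-domain list and the sample links are assumptions constructed for the example; an organisation would add its own vanity subdomains.

```python
from urllib.parse import urlsplit

# Domains a legitimate Zoom join link is expected to point at.
# Assumption for this example: a real deployment would extend this with its
# own vanity subdomains (e.g. company.zoom.us) and any regional Zoom domains.
TRUSTED_ZOOM_DOMAINS = ("zoom.us",)


def is_trusted_host(host: str) -> bool:
    """True if host is exactly a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_ZOOM_DOMAINS)


def check_zoom_link(url: str) -> list[str]:
    """Inspect a Zoom join link and return a list of findings.

    An empty list means the link has the shape of an ordinary join link:
    https scheme, a trusted host, and no '@' anywhere that a lenient parser
    could mistake for a userinfo/host separator.
    """
    findings = []
    parts = urlsplit(url.strip())

    if parts.scheme.lower() != "https":
        findings.append(f"unexpected scheme {parts.scheme!r} (expected https)")

    # An '@' in the authority means userinfo precedes the real host: the part
    # before '@' is what a reader notices, the part after it is where a
    # standards-following client actually connects.
    if "@" in parts.netloc:
        findings.append("userinfo ('@') in authority; the real host is the text after the '@'")

    host = parts.hostname or ""
    if not is_trusted_host(host):
        findings.append(f"host {host!r} is not a trusted Zoom domain")

    # The pattern described for CVE-2022-28763 places '@<address>' in the
    # fragment. A second address there has no legitimate use in a join link,
    # so any '@' outside the authority is treated as suspicious.
    for name, value in (("path", parts.path), ("query", parts.query), ("fragment", parts.fragment)):
        if "@" in value:
            findings.append(
                f"'@' in {name} ({value!r}); a lenient parser may treat the text after it as a host"
            )

    return findings


# Constructed sample links for demonstration; the meeting id, passcode and
# attacker.example host are made up and do not refer to real meetings or hosts.
SAMPLE_LINKS = [
    "https://zoom.us/j/1234567890?pwd=abc123",
    "https://company.zoom.us/j/1234567890?pwd=abc123",
    "https://zoom.us/j/1234567890?pwd=abc123#@attacker.example",
    "https://zoom.us@attacker.example/j/1234567890",
    "http://zoom.us/j/1234567890",
]


def triage(links: list[str]) -> dict[str, list[str]]:
    """Run the check over a batch of links and map each link to its findings."""
    return {link: check_zoom_link(link) for link in links}


if __name__ == "__main__":
    for link, findings in triage(SAMPLE_LINKS).items():
        verdict = "OK" if not findings else "SUSPICIOUS"
        print(f"{verdict:10s} {link}")
        for f in findings:
            print(f"           - {f}")
```

The check is deliberately strict about the fragment: browsers never transmit it, so nothing legitimate in a join link depends on text after "#", and an "@" there is exactly the tell the pattern above relies on. Run it over links extracted from a mail gateway or a ticket queue and only the flagged ones need a human look; the trusted-domain list is the one knob you should expect to tune.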

Conclusion

CVE-2022-28763 is a URL parsing vulnerability that affects the Zoom Client for Meetings on a wide range of platforms. By crafting a malicious Zoom meeting URL, an attacker can redirect users to arbitrary network addresses, leading to potential session takeovers and additional attacks. By keeping your Zoom client updated, verifying meeting URLs, and educating your team about cybersecurity best practices, you can mitigate the risks posed by this vulnerability.

Timeline

Published on: 10/31/2022 20:15:00 UTC
Last modified on: 11/01/2022 19:43:00 UTC