CVE-2022-36928 - Path Traversal Vulnerability in Zoom for Android Clients Before Version 5.13.: Exploit Details and Mitigation
A recent vulnerability was discovered in Zoom for Android clients, specifically those using versions before 5.13.. The vulnerability, dubbed as CVE-2022-36928, has been found to be associated with path traversal. Essentially, this flaw can allow a third-party app to exploit this loophole, resulting in unauthorized access to the Zoom application's data directory. This could pose a severe threat to the privacy and security of millions of users who rely on Zoom for both personal and professional communication.
In this long-read post, we'll walk you through the specific details of this vulnerability, demonstrate the potential exploit using a code snippet, and provide information on the original references/sources. Moreover, we'll also discuss how to mitigate and guard against this intrusion.
Exploit Details
A path traversal vulnerability serves as an avenue for an attacker to gain unauthorized access to files and directories outside the intended scope. For Zoom's Android clients using versions before 5.13., the vulnerability, CVE-2022-36928, allows a malicious third-party app to read, write, and manipulate the Zoom application data directory.
Suppose a compromised third-party app with malicious intent has permission to access external storage. In that case, the app can exploit CVE-2022-36928, effectively reading and writing sensitive data, potentially causing privacy and security breaches.
Here's a simple code snippet illustrating how the exploit could take place
import java.io.*;
import java.nio.file.*;
public class ZoomExploit {
public static void main(String[] args) {
String fileName = "maliciousFile.jpg";
String srcDir = "/sdcard/Downloads/";
String destDir = "/data/user//us.zoom.videomeetings/files/ImportantData/../";
try {
Path srcFilePath = Paths.get(srcDir, fileName);
Path destFilePath = Paths.get(destDir, fileName);
Files.copy(srcFilePath, destFilePath, StandardCopyOption.REPLACE_EXISTING);
System.out.println("File successfully copied to Zoom application data directory.");
} catch (Exception e) {
System.err.println("An error occurred during file manipulation: " + e.getMessage());
}
}
}
This Java code represents an app that performs typical actions like reading and writing files. The code copies a file (maliciousFile.jpg) from the Downloads directory (/sdcard/Downloads/) to the Zoom application data directory (/data/user//us.zoom.videomeetings/files/ImportantData/../).
It's important to note that inserting malicious code into the target environment might not be as direct as the snippet demonstrates. An attacker could leverage other methods to execute the exploit clandestinely.
This vulnerability was originally reported by the CVE Program, providing the following references
1. CVE-2022-36928: CVE Details
2. NVD - NIST: National Vulnerability Database
Mitigation
To counter this vulnerability and secure your Zoom data, we highly recommend updating your Zoom Android app to version 5.13. or newer. The latest version addresses the path traversal vulnerability, offering enhanced protection against potential exploits.
In addition to updating your Zoom app, take necessary precautions when downloading and granting permissions to third-party apps. Before introducing an unknown app to your device, verify its developer, read reviews, and consider the app's risk factors.
Conclusion
The CVE-2022-36928 path traversal vulnerability in Zoom for Android clients using versions before 5.13. has serious implications for user privacy and security. By following recommended mitigation practices and staying vigilant about granting permissions to third-party apps, you can safeguard your sensitive data and reduce the risk of exploit. Stay informed of the latest security patches and vulnerabilities by regularly visiting the Zoom Security Advisory website.
Timeline
Published on: 01/09/2023 19:15:00 UTC
Last modified on: 01/13/2023 19:13:00 UTC