{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-36924", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "datePublished": "2022-11-17T22:37:00.188Z", "dateUpdated": "2025-04-28T15:39:04.232Z", "dateReserved": "2022-07-27T00:00:00.000Z"}, "containers": {"cna": {"title": "Local Privilege Escalation in Zoom Rooms Installer for Windows", "datePublic": "2022-11-15T00:00:00.000Z", "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2022-11-17T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user."}], "affected": [{"vendor": "Zoom Video Communications Inc", "product": "Zoom Rooms Installer for Windows", "versions": [{"version": "unspecified", "lessThan": "5.12.6", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-427: Uncontrolled Search Path Element", "cweId": "CWE-427"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:14:29.463Z"}, "title": "CVE Program Container", "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-28T15:38:07.072699Z", "id": "CVE-2022-36924", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T15:39:04.232Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:14:29.463Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-36924", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-28T15:38:07.072699Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T15:38:57.708Z"}}], "cna": {"title": "Local Privilege Escalation in Zoom Rooms Installer for Windows", "source": {"discovery": "EXTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Zoom Video Communications Inc", "product": "Zoom Rooms Installer for Windows", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "5.12.6", "versionType": "custom"}]}], "datePublic": "2022-11-15T00:00:00.000Z", "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2022-11-17T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-36924", "state": "PUBLISHED", "dateUpdated": "2025-04-28T15:39:04.232Z", "dateReserved": "2022-07-27T00:00:00.000Z", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "datePublished": "2022-11-17T22:37:00.188Z", "assignerShortName": "Zoom"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D65A2943-960F-4652-A8F3-17764952C530", "versionEndExcluding": "5.12.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user."}, {"lang": "es", "value": "El instalador de Zoom Rooms para Windows anterior a 5.12.6 contiene una vulnerabilidad de escalada de privilegios local. Un usuario local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad durante el proceso de instalaci\u00f3n para escalar sus privilegios al usuario del SYSTEM."}], "id": "CVE-2022-36924", "lastModified": "2024-11-21T07:14:05.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security@zoom.us", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-17T23:15:17.667", "references": [{"source": "security@zoom.us", "tags": ["Vendor Advisory"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "security@zoom.us", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}