CVE-2022-28764 in Client for Meetings
Summary
by MITRE • 11/15/2022
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
Analysis
by VulDB Data Team • 11/15/2022
The vulnerability CVE-2022-28764 represents a critical local information exposure flaw within the Zoom Client for Meetings across multiple platform ecosystems including Android, iOS, Linux, macOS, and Windows. This security weakness stems from inadequate data sanitization practices within the application's local storage mechanisms, specifically concerning how meeting data is handled after session termination. The vulnerability manifests when the application fails to properly clear sensitive information from local SQL databases following meeting completion, creating persistent data remnants that remain accessible to local users. The flaw is particularly concerning as it affects the core functionality of the video conferencing platform where users expect their meeting communications to remain private and secure.
The technical implementation of this vulnerability involves the application's use of per-device encryption keys that are insufficiently secure for protecting the local SQL database containing meeting information. According to CWE-312, this represents a weakness in data protection where sensitive data is stored in cleartext or with weak encryption mechanisms that can be easily compromised by local attackers. The vulnerability specifically impacts the storage of in-meeting chat data and other meeting-related information that persists locally after a meeting concludes. This design flaw allows malicious actors with local access to the device to exploit the database and extract previously attended meeting details, including chat messages and potentially other sensitive communications that occurred during those sessions.
The operational impact of this vulnerability extends beyond simple data exposure to encompass broader privacy and security implications for organizations and individual users relying on Zoom for their communication needs. Attackers with local access to a device where Zoom is installed can leverage this vulnerability to access meeting information from previous sessions without requiring network-based attacks or authentication credentials. This creates a persistent threat vector where even after a meeting ends, sensitive information remains accessible to anyone with local device access, potentially including unauthorized personnel, malware, or compromised accounts. The vulnerability affects all supported platforms, making it particularly dangerous as it can be exploited across different operating systems and device types.
Security professionals should consider this vulnerability in the context of MITRE ATT&CK technique T1005 (Data from Local System), in which adversaries extract sensitive information from compromised systems. The weakness also runs counter to the principle of least privilege, as users with legitimate access to a device can potentially access data belonging to other meetings they attended. Mitigation strategies should focus on implementing proper data sanitization procedures, strengthening encryption key management, and ensuring that local databases are properly cleared upon meeting termination. Organizations should immediately update to Zoom Client for Meetings version 5.12.6 or later, which addresses this vulnerability through improved local data handling and enhanced encryption mechanisms. Additionally, system administrators should consider implementing device access controls and monitoring for unauthorized local access attempts to further reduce the risk of exploitation.
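The sanitization point above can be checked in a test: the following added example (not Zoom's code, and not taken from the advisory) deletes one meeting's rows from a local database and then inspects the raw file for leftover message bytes. SQLite as the storage engine, the `chat` schema, the function names and the sample messages are assumptions constructed for the illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample message; the schema below is hypothetical, not Zoom's.
SECRET = b"constructed-chat: Q3 budget is 1.2M"


def end_meeting(db_path, meeting_id, secure):
    """Delete one meeting's chat rows; optionally overwrite the freed space."""
    con = sqlite3.connect(db_path)
    try:
        # secure_delete=ON makes SQLite zero freed cells instead of
        # only unlinking them from the table's b-tree.
        con.execute("PRAGMA secure_delete = %s" % ("ON" if secure else "OFF"))
        con.execute("DELETE FROM chat WHERE meeting_id = ?", (meeting_id,))
        con.commit()
    finally:
        con.close()


def remnant_after_cleanup(secure):
    """Return (rows_left, secret_still_in_file) once the meeting has ended."""
    with tempfile.TemporaryDirectory() as workdir:
        db_path = os.path.join(workdir, "client.db")
        con = sqlite3.connect(db_path)
        con.execute("CREATE TABLE chat (meeting_id TEXT, sender TEXT, body TEXT)")
        con.execute("INSERT INTO chat VALUES ('m-1', 'alice', ?)",
                    (SECRET.decode(),))
        con.execute("INSERT INTO chat VALUES ('m-2', 'bob', 'constructed-chat: hi')")
        con.commit()
        con.close()

        end_meeting(db_path, "m-1", secure)

        con = sqlite3.connect(db_path)
        rows_left = con.execute(
            "SELECT COUNT(*) FROM chat WHERE meeting_id = 'm-1'").fetchone()[0]
        con.close()
        # A query shows nothing either way; the raw file is the real check.
        with open(db_path, "rb") as fh:
            return rows_left, SECRET in fh.read()


if __name__ == "__main__":
    print("plain DELETE :", remnant_after_cleanup(secure=False))
    print("secure_delete:", remnant_after_cleanup(secure=True))
```

The check covers the database file only; journals, backups and filesystem snapshots of the same data need their own handling.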