CVE-2022-36929
published 2023-01-09CVE-2022-36929: The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this…
PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.29%
20.4th percentile
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zoom | rooms | < 5.12.7 | 5.12.7 |
| zoom_video_communications_inc | zoom_rooms_for_windows | >= unspecified < 5.12.7 | 5.12.7 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Zoom Rooms up to 5.12.5 on Windows Installer toctou (EUVD-2022-39587)
vuldb·2026-06-18·CVSS 7.8
CVE-2022-36929 [HIGH] Zoom Rooms up to 5.12.5 on Windows Installer toctou (EUVD-2022-39587)
A vulnerability was found in Zoom Rooms up to 5.12.5 on Windows. It has been rated as critical. This impacts an unknown function of the component Installer. The manipulation leads to time-of-check time-of-use.
This vulnerability is documented as CVE-2022-36929. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is advised.
GHSA
GHSA-w8m5-vmmq-x59w: The Zoom Rooms Installer for Windows prior to 5
ghsa_unreviewed·2023-01-09
CVE-2022-36929 [HIGH] GHSA-w8m5-vmmq-x59w: The Zoom Rooms Installer for Windows prior to 5
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-01-09
Published