CVE-2022-36930
published 2023-01-09CVE-2022-36930: Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this…
PriorityP340high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.47%
36.9th percentile
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zoom | rooms | < 5.13.0 | 5.13.0 |
| zoom_video_communications_inc | zoom_rooms_for_windows | >= unspecified < 5.13.0 | 5.13.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Zoom Rooms up to 5.12.x on Windows uncontrolled search path (EUVD-2022-39588)
vuldb·2026-06-18·CVSS 7.8
CVE-2022-36930 [HIGH] Zoom Rooms up to 5.12.x on Windows uncontrolled search path (EUVD-2022-39588)
A vulnerability identified as very critical has been detected in Zoom Rooms up to 5.12.x on Windows. Affected by this vulnerability is an unknown functionality. This manipulation causes uncontrolled search path.
This vulnerability appears as CVE-2022-36930. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
GHSA
GHSA-vj8h-vg2v-8w24: Zoom Rooms for Windows installers before version 5
ghsa_unreviewed·2023-01-09
CVE-2022-36930 [HIGH] GHSA-vj8h-vg2v-8w24: Zoom Rooms for Windows installers before version 5
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-01-09
Published