Insufficient Authorization Check During Meeting Join
Description
Zoom's On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zoom waiting room can join the meeting without the consent of the host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper permission checks in Zoom On-Premise Meeting Connector MMR before version 4.8.113.20220526 let a waiting room attendee join a meeting without host consent.
Vulnerability
The Zoom On-Premise Meeting Connector MMR (Multi-Media Router) fails to properly verify the permissions of a Zoom meeting attendee. Versions prior to 4.8.113.20220526 are affected. The vulnerability lies in the meeting join logic, where a user in the waiting room can bypass host consent controls.
Exploitation
An attacker must be able to enter the Zoom meeting's waiting room (e.g., via a legitimate meeting invite or link). No additional authentication or special privileges are required beyond being an invited participant. The attacker can then join the meeting without the host's approval, effectively bypassing the intended waiting room gate.
Impact
Successful exploitation allows the attacker to join a Zoom meeting without the host's consent. This leads to unauthorized access to the meeting's audio, video, and shared content, compromising confidentiality. The attacker can also potentially disrupt the meeting, impacting availability. The host loses control over participant admission.
Mitigation
Zoom released a fix in version 4.8.113.20220526. Users of the On-Premise Meeting Connector MMR should update to this version or later. The Zoom Security Bulletin [1] recommends updating to the latest version to obtain the fix. No workarounds are documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4.8.113.20220526
- Range: unspecified
Patches
No patches discovered yet.
References
- [1] explore.zoom.us/en/trust/security/security-bulletin/ (mitre, x_refsource_MISC)