Zoom On-Premise Deployments: Improper Access Control
Description
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An improper access control flaw in Zoom On-Premise Meeting Connector MMR before 4.8.20220815.130 lets unauthorized attackers access meeting audio/video and disrupt meetings.
Vulnerability
An improper access control vulnerability exists in Zoom On-Premise Meeting Connector MMR prior to version 4.8.20220815.130 [1]. The flaw allows an attacker who is not authorized to join a meeting to obtain the audio and video feed of that meeting [1].
Exploitation
A malicious actor can exploit this vulnerability by leveraging the improper access controls in the Meeting Connector MMR component to join a meeting without proper authorization [1]. No additional special privileges or user interaction beyond network access to the affected service are required [1].
Impact
Successful exploitation enables the attacker to gain unauthorized access to the audio and video streams of a meeting they were not permitted to attend [1]. The attacker can also cause other disruptions to the meeting [1].
Mitigation
Zoom has addressed this vulnerability with the release of version 4.8.20220815.130 [1]. Users should upgrade to this version or later to remediate the flaw [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <4.8.20220815.130
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.