Multiple vulnerabilities identified in Zoom: CERT-In

A remote attacker could exploit these vulnerabilities to join a meeting they are authorised to join without appearing to the other participants, says CERT-In.

The Indian Computer Emergency Response Team (CERT-In), the government-authorised nodal agency tasked with handling data breach incidents, said it has identified multiple vulnerabilities in Zoom products, which could allow a remote authenticated user to bypass implemented security restrictions on the targeted system.

"These vulnerabilities exist due to improper access control implementation. A remote attacker could exploit these vulnerabilities to join a meeting they are authorised to join without appearing to the other participants or obtain the audio video feed of a meeting they were not authorised to join and cause other meeting disruptions," CERT-In said in a report.

Successful exploitation of these vulnerabilities could allow a remote authenticated user to bypass implemented security restrictions on the targeted system, says CERT-In, while rating the severity of the flaw as "medium."

Three vulnerabilities, dubbed CVE-2022-28758, CVE-2022-28759, and CVE-2022-28760, affect Zoom's On-Premise Meeting Connector MMR. "Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants," the video conferencing platform says in its security bulletin.

CERT-In, which is part of the Ministry of Electronics and Information Technology (MeitY), urged users to update to the latest version as mentioned in Zoom's security advisory.

This comes days after CERT-In reported multiple vulnerabilities in the Google Chrome app for desktop, which could be exploited by a remote attacker to bypass security restrictions, execute arbitrary code or cause a denial-of-service condition on the targeted system.

"These vulnerabilities exist in Google Chrome for desktop due to use after free in PDF and frames, out of bounds write in storage, heap buffer overflow in internals and insufficient validation of untrusted input in DevTools. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web site," CERT-In had pointed out.

Meanwhile, CERT-In on Monday warned of multiple vulnerabilities in Lenovo products including desktop, Lenovo Notebook, Lenovo ThinkPad, ThinkServer, ThinkStation, ThinkSystem, among others.

"A local authenticated attacker could exploit this vulnerability by sending specially crafted requests. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system," says the government agency.

In July, CERT-In had issued an advisory to Apple Watch users, saying it contains "multiple vulnerabilities".

Last month, Akasa Air reported a "temporary technical configuration error" related to its login and sign-up service. "As a result of this configuration error, some Akasa Air registered user information limited to names, gender, email addresses and phone numbers may have been viewed by unauthorized individuals," the airline said.
