CVE-2022-22786: 
Zoom Client vulnerability analysis and mitigation

The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0 contains a vulnerability that fails to properly check the installation version during the update process. This vulnerability was assigned CVE-2022-22786 and received a CVSS v3.1 base score of 7.5 (High) from Zoom Video Communications, Inc. (CERT EU, NVD).

The vulnerability stems from improper version checking during the update process. The CVSS vector string is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that the vulnerability can be exploited remotely, requires user interaction, and could result in high impacts to confidentiality, integrity, and availability. The weakness is classified as CWE-494: Download of Code Without Integrity Check (NVD).

This vulnerability could be exploited as part of a more sophisticated attack to trick users into downgrading their Zoom client to a less secure version, potentially exposing them to additional security risks (SecurityWeek).

The vulnerability was patched in Zoom Client for Meetings version 5.10.0 and Zoom Rooms for Conference Room version 5.10.0. Users are strongly recommended to update to these versions or later to mitigate the vulnerability (CERT EU).