Vulnerabilites related to zoom - rooms
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-29 00:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42438",
"lastModified": "2024-08-29T00:01:59.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.317",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-17 22:15
Modified
2024-11-21 06:57
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8DC9E000-8F8D-4DF7-A7BA-0F2B45E4E89E",
"versionEndExcluding": "5.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user."
},
{
"lang": "es",
"value": "Zoom Rooms for Conference Rooms para Windows versiones anteriores a 5.11.0, son susceptibles de una vulnerabilidad de escalada de privilegios local. Un usuario local malicioso poco privilegiado podr\u00eda aprovechar esta vulnerabilidad para escalar sus privilegios al usuario SYSTEM."
}
],
"id": "CVE-2022-28752",
"lastModified": "2024-11-21T06:57:51.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-17T22:15:08.640",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:32
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39824",
"lastModified": "2024-09-04T21:32:02.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.670",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-14 21:15
Modified
2024-11-21 06:57
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
"matchCriteriaId": "9A4FFD8B-AAFF-4187-9603-303E045ABBC6",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "AC5B36F0-62C9-45F9-A446-06302517C430",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "B1211D7C-9D7D-48D2-919E-CE69816BB5BC",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "CA075C4F-52CB-45DB-8FC3-9E09D748A9A7",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "797ADEB2-DBD7-4437-97CE-FB3AC472708D",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6C49EC7B-3A03-451C-BBC4-CBD1AE555A78",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "4F725CBC-7382-46DB-A369-C7DE4F7BC260",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7DF05B3E-5E82-4296-A9C9-6545333C7C18",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8C098940-2C55-4183-AFEC-A30423DF5EA4",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D65A2943-960F-4652-A8F3-17764952C530",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37E75456-2466-481D-9675-6E8E1D57B147",
"versionEndExcluding": "5.12.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account."
},
{
"lang": "es",
"value": "Zoom Client para reuniones (para Android, iOS, Linux, macOS y Windows) anterior a la versi\u00f3n 5.12.6 es susceptible a una vulnerabilidad de exposici\u00f3n de informaci\u00f3n local. Si no se borran los datos de una base de datos SQL local despu\u00e9s de finalizar una reuni\u00f3n y el uso de una clave por dispositivo insuficientemente segura que cifra esa base de datos da como resultado que un usuario malicioso local pueda obtener informaci\u00f3n de la reuni\u00f3n, como el chat de la reuni\u00f3n anterior atendido desde esa cuenta de usuario local."
}
],
"id": "CVE-2022-28764",
"lastModified": "2024-11-21T06:57:53.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-14T21:15:13.123",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-13 20:15
Modified
2024-11-21 08:59
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C55B10D9-2F21-4C29-A71E-0B8757029F16",
"versionEndExcluding": "5.17.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access."
},
{
"lang": "es",
"value": "La condici\u00f3n de ejecuci\u00f3n en el instalador de Zoom Rooms Client para Windows anterior a la versi\u00f3n 5.17.5 puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-24692",
"lastModified": "2024-11-21T08:59:31.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 4.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-13T20:15:07.273",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:14
Severity ?
3.1 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | rooms | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "62689640-F0DA-4FBA-83A9-AA29843B6E57",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532",
"versionEndExcluding": "5.14.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E",
"versionEndExcluding": "5.15.11",
"versionStartIncluding": "5.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access."
},
{
"lang": "es",
"value": "Una ruta de b\u00fasqueda no confiable en Zoom Rooms Client para Windows y Zoom VDI Client puede permitir que un usuario privilegiado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"id": "CVE-2023-39202",
"lastModified": "2024-11-21T08:14:54.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 2.5,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:08.310",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 18:15
Modified
2024-11-21 08:09
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9D36E4AC-3475-4535-B2CD-4B5A91F723F7",
"versionEndExcluding": "5.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"id": "CVE-2023-36538",
"lastModified": "2024-11-21T08:09:53.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T18:15:20.357",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-13 20:15
Modified
2024-11-21 08:59
Severity ?
7.2 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C55B10D9-2F21-4C29-A71E-0B8757029F16",
"versionEndExcluding": "5.17.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en el instalador de Zoom Rooms Client para Windows anterior a la versi\u00f3n 5.17.5 puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-24693",
"lastModified": "2024-11-21T08:59:31.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.8,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-13T20:15:07.760",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-379"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-28 23:59
Severity ?
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24034 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "93A03433-CCF8-4E19-89B4-18368847FB8F",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "66BFFFB3-351E-43CE-B005-D24AB48B9584",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF",
"versionEndExcluding": "6.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
},
{
"lang": "es",
"value": " La gesti\u00f3n inadecuada de privilegios en el instalador de la aplicaci\u00f3n de escritorio Zoom Workplace para macOS, Zoom Meeting SDK para macOS y Zoom Rooms Client para macOS anteriores a 6.1.5 puede permitir que un usuario privilegiado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-42440",
"lastModified": "2024-08-28T23:59:01.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.757",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24034"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-09 19:15
Modified
2024-11-21 07:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "FDE2BDCA-B503-4863-8874-F6D39266209B",
"versionEndExcluding": "5.12.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user."
},
{
"lang": "es",
"value": "El instalador de Zoom Rooms para Windows anterior a 5.12.6 contiene una vulnerabilidad de escalada de privilegios local. Un usuario local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad durante el proceso de instalaci\u00f3n para escalar sus privilegios al usuario SYSTEM."
}
],
"id": "CVE-2022-36929",
"lastModified": "2024-11-21T07:14:06.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-09T19:15:11.540",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ED921F3E-F076-4037-BAE9-53BDC04F2A4C",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9D60A59A-2E09-48C6-82F6-995B7ADB330A",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C7B8981-66F8-4309-98C6-63B4665229EF",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "FDCC89D1-EB4D-496D-82C6-B0BBA942286F",
"versionEndExcluding": "5.16.12",
"versionStartExcluding": "5.15.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ECD4FC8B-5FB2-4667-B92F-26F2A951EE40",
"versionEndExcluding": "5.17.5",
"versionStartExcluding": "5.16.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "BA20AF82-C1DF-4C05-91ED-F5DC1A92C0A3",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D5C425F2-9B12-4E3A-88CD-BD7AC0EEB0F6",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "5E7DB9AA-DB7D-4F3F-A7EA-A482F328F8AB",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "6E5232D6-0338-4FCC-AB49-39EA6B75B91D",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8ED34AF6-F5F5-45A1-8AF1-C85064789454",
"versionEndExcluding": "5.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n inadecuada en algunos clientes de Zoom puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-24698",
"lastModified": "2024-11-21T08:59:31.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:47.967",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-449"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 22:15
Modified
2024-11-21 08:14
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C993CD54-5D54-4979-84A7-E1B6AC13391C",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "F20636D4-1E23-4703-9574-7E68DB9F6CF4",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D48D7F93-C36E-49EC-9767-EC9604750FE7",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "C7F7B4F1-B1C5-43FB-A41B-302675CE7DBD",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "6098D0DF-2760-44A3-88C3-F120EA4F9771",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "6ADE88B6-FFDF-40CF-A262-41906B97669C",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0AE37FB8-AB87-4FCC-9D7A-375418FEE1A1",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "7DE837CD-CC55-4910-83B8-7295E544113A",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "16F58270-1E18-4FF9-BABA-895F7018D514",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "FB104E47-F37D-4B3D-8530-B87893D3AD90",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "CB71D63A-ECCB-4371-B1E3-25BF96E5D84E",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61B77771-BBE7-49A8-82C4-0DC27D3D0E97",
"versionEndExcluding": "5.15.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information in Zoom Client SDK\u0027s before 5.15.5 may allow an authenticated user to enable a denial of service via network access."
}
],
"id": "CVE-2023-39214",
"lastModified": "2024-11-21T08:14:55.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T22:15:10.737",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-749"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 18:15
Modified
2024-11-21 08:09
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9D36E4AC-3475-4535-B2CD-4B5A91F723F7",
"versionEndExcluding": "5.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": " Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n"
}
],
"id": "CVE-2023-36536",
"lastModified": "2024-11-21T08:09:53.443",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T18:15:20.247",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-09 19:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B407E1BA-C5DA-45A4-A2DA-900B47E9D69E",
"versionEndExcluding": "5.11.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root."
},
{
"lang": "es",
"value": "Los clientes de Zoom Rooms para macOS anteriores a la versi\u00f3n 5.11.3 contienen una vulnerabilidad de escalada de privilegios local. Un usuario local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para escalar sus privilegios a root."
}
],
"id": "CVE-2022-36926",
"lastModified": "2024-11-21T07:14:06.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-09T19:15:11.177",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | video_software_development_kit | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B72243E4-AFF7-4A69-934A-1170A6EDAE0F",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61CCEE1E-F3C0-41EB-8DF2-4D3EA8600166",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "DEC61EA8-8A9D-4E36-9B46-2B45ED1C5DB8",
"versionEndExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "390DFFB5-7BEA-41F2-B2E1-F0FED3766C1E",
"versionEndExcluding": "5.15.12",
"versionStartExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8B90CC0C-8000-44E1-8AA1-5E67081ECD2E",
"versionEndExcluding": "5.16.10",
"versionStartExcluding": "5.15.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F58AB464-C80F-4E2B-9F13-BE9B19E3B5BE",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F0EA451C-C4DC-48EF-A036-3EEA3E3ADD80",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C2BF4129-CA54-4ECB-9A6B-EC28445233DF",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "AD4CD81C-1F22-45CA-8AB1-D6D59E819759",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "BB9276FF-17D3-4FDB-91BB-2CE6E8BA61A0",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7",
"versionEndExcluding": "5.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en algunos clientes de Zoom puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-24690",
"lastModified": "2024-11-21T08:59:30.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:47.000",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-28 23:58
Severity ?
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24034 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "93A03433-CCF8-4E19-89B4-18368847FB8F",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "66BFFFB3-351E-43CE-B005-D24AB48B9584",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF",
"versionEndExcluding": "6.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
},
{
"lang": "es",
"value": " La gesti\u00f3n inadecuada de privilegios en el instalador de la aplicaci\u00f3n de escritorio Zoom Workplace para macOS, Zoom Meeting SDK para macOS y Zoom Rooms Client para macOS anteriores a 6.1.5 puede permitir que un usuario privilegiado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-42441",
"lastModified": "2024-08-28T23:58:06.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.990",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24034"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 18:15
Modified
2024-11-21 08:09
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "FC3F07BF-C1ED-4CF9-B80E-B4373C97ED66",
"versionEndExcluding": "5.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "436C54EE-B52B-4F58-8883-E9D19501C08A",
"versionEndExcluding": "5.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "E041B2BA-CDF0-462A-95CD-8F23D8804A61",
"versionEndExcluding": "5.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "72486794-B1B9-4035-BF0F-7BF9E9298CD4",
"versionEndExcluding": "5.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D94CAE4E-F680-4E96-AAFB-FC53B695F210",
"versionEndExcluding": "5.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "54090A11-AAB6-4796-9B61-84E6F8BD4471",
"versionEndExcluding": "5.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "33C337B6-2098-4B95-8BDA-8FA009540E25",
"versionEndExcluding": "5.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C48C0F49-74C1-4E81-81CC-08928A3F8853",
"versionEndExcluding": "5.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "7241B980-9BFE-4675-852C-3C3515AA1874",
"versionEndExcluding": "5.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7BEEBBF1-8759-4ED0-912F-29176263A1E3",
"versionEndExcluding": "5.14.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer en los clientes Zoom anteriores a la versi\u00f3n 5.14.5 puede permitir a un usuario no autenticado activar una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red. "
}
],
"id": "CVE-2023-36532",
"lastModified": "2024-11-21T08:09:52.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T18:15:13.937",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-27 14:15
Modified
2024-11-21 06:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meetings | * | |
| zoom | rooms | * | |
| zoom | screen_sharing | * | |
| zoom | screen_sharing | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "37C37A72-A64B-4823-B1E1-4EB0B7283629",
"versionEndExcluding": "5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA912D24-7983-4F87-B845-7464F24EE239",
"versionEndExcluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:screen_sharing:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "7B7ED4B1-5A0F-4738-AC25-46846F3D1127",
"versionEndExcluding": "5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:screen_sharing:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "FC50FFA5-57A1-4E3C-A53B-8B0622A437FA",
"versionEndExcluding": "5.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user\u0027s machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process."
},
{
"lang": "es",
"value": "Se ha detectado que los paquetes de instalaci\u00f3n de Zoom Client for Meetings para MacOS (Standard y para IT Admin) antes de la versi\u00f3n 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad antes de la versi\u00f3n 5.2.0, y Zoom Rooms for Conference antes de la versi\u00f3n 5.1.0, copian scripts de shell previos y posteriores a la instalaci\u00f3n en un directorio escribible por el usuario. En los productos afectados que se enumeran a continuaci\u00f3n, un actor malintencionado con acceso local a la m\u00e1quina de un usuario podr\u00eda utilizar este defecto para ejecutar potencialmente comandos arbitrarios del sistema en un contexto con mayores privilegios durante el proceso de instalaci\u00f3n"
}
],
"id": "CVE-2021-34409",
"lastModified": "2024-11-21T06:10:20.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-27T14:15:08.137",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-30 03:15
Modified
2024-11-21 08:09
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meetings | 5.15.0 | |
| zoom | meetings | 5.15.0 | |
| zoom | meetings | 5.15.0 | |
| zoom | meetings | 5.15.1 | |
| zoom | rooms | 5.15.0 | |
| zoom | rooms | 5.15.0 | |
| zoom | rooms | 5.15.0 | |
| zoom | video_software_development_kit | 1.8.0 | |
| zoom | zoom | 5.15.0 | |
| zoom | zoom | 5.15.0 | |
| zoom | zoom | 5.15.0 | |
| zoom | zoom | 5.15.0 | |
| zoom | zoom | 5.15.0 | |
| zoom | zoom | 5.15.1 | |
| zoom | poly_ccx_700_firmware | 5.15.0 | |
| zoom | poly_ccx_700 | - | |
| zoom | poly_ccx_600_firmware | 5.15.0 | |
| zoom | poly_ccx_600 | - | |
| zoom | yealink_vp59_firmware | 5.15.0 | |
| zoom | yealink_vp59 | - | |
| zoom | yealink_mp54_firmware | 5.15.0 | |
| zoom | yealink_mp54 | - | |
| zoom | yealink_mp56_firmware | 5.15.0 | |
| zoom | yealink_mp56 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:android:*:*",
"matchCriteriaId": "B19B33AC-0C62-48B8-974F-EBB94700432E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "64EC33E5-F6E4-4845-B181-52DEC0E707BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "F566F4A2-7A6F-4ECC-BD73-1F63AE4030B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:5.15.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3E84645-EF69-4A61-B946-5DEEDD27A85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "1735FAF3-E7B4-4615-92AD-5BA3399F6D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "2FFA4C37-4EFB-42F5-98BE-811F413113F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "ABB880FF-8853-45AE-818A-23CECB48E030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84A39B46-A23B-4194-BDBF-16C337ADD1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:android:*:*",
"matchCriteriaId": "A47C1AC4-3092-41BE-8BB3-BABCD2ADC350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F6FC3EA3-DAD3-4D9E-8EF3-5CAC1A54EE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "502FC5A5-08CE-464F-A39E-FB16476F7B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "8AB43228-B469-46D9-BE1E-F7BCCC777F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "36AA507D-1B5D-42A3-A0BD-0D5FAA6AE3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:5.15.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "E7777FBA-8B77-430F-8B64-AFB14E517179",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEC1BF64-379E-4623-9F5F-EC37D9AE8928",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27D5E538-97CB-4F05-B8FC-AC6497425E78",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E12A046-159E-4E45-954F-57A0C43938F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A85D6BC1-E736-487F-8C02-C54B49F7C8B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE053959-5DE3-4954-8FD5-7D15FA77BC77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C661E9DF-1D17-408A-95D9-DE5D941EC93B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33909C-EB63-4234-A2B5-6F6D39EB8ACB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F942425-D356-47BA-95A6-61E1FD5029F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31C96F0F-E282-427B-92C7-225252952F3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5097727-AE57-436F-B7EF-E93BD96B2E23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information."
},
{
"lang": "es",
"value": "La exposici\u00f3n de informaci\u00f3n destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n sensible."
}
],
"id": "CVE-2023-36539",
"lastModified": "2024-11-21T08:09:53.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-30T03:15:09.747",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-325"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-15 00:15
Modified
2024-11-21 08:24
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
"matchCriteriaId": "249D7C05-850F-4BED-BE1B-864B3A555DC5",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "12D81D70-FA29-4921-9A20-BE8DC596F6AE",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "141007D5-4A8B-48C3-8BFB-EAF8BC3EF905",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3D39B6BA-D4BC-4502-8867-D5A5441D3196",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "62689640-F0DA-4FBA-83A9-AA29843B6E57",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532",
"versionEndExcluding": "5.14.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E",
"versionEndExcluding": "5.15.11",
"versionStartIncluding": "5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D",
"versionEndExcluding": "5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access."
},
{
"lang": "es",
"value": "La autorizaci\u00f3n inadecuada en algunos clientes de Zoom puede permitir que un usuario autorizado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2023-43582",
"lastModified": "2024-11-21T08:24:26.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-15T00:15:08.673",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-939"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:14
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
"matchCriteriaId": "249D7C05-850F-4BED-BE1B-864B3A555DC5",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "12D81D70-FA29-4921-9A20-BE8DC596F6AE",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "141007D5-4A8B-48C3-8BFB-EAF8BC3EF905",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3D39B6BA-D4BC-4502-8867-D5A5441D3196",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "62689640-F0DA-4FBA-83A9-AA29843B6E57",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532",
"versionEndExcluding": "5.14.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E",
"versionEndExcluding": "5.15.11",
"versionStartIncluding": "5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D",
"versionEndExcluding": "5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": "Los problemas criptogr\u00e1ficos con el chat durante la reuni\u00f3n para algunos clientes de Zoom pueden permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2023-39199",
"lastModified": "2024-11-21T08:14:54.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:08.090",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-325"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-15 21:15
Modified
2024-11-21 06:47
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9A9C49F0-3217-457C-A0B1-7F5C8E8CEC75",
"versionEndExcluding": "5.10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D23D8639-6B13-4EA7-AA8B-08F359466343",
"versionEndExcluding": "5.10.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host."
},
{
"lang": "es",
"value": "El instalador de Zoom Opener es descargado por un usuario desde la p\u00e1gina de inicio de reuniones, cuando intenta unirse a una reuni\u00f3n sin tener instalado el cliente de reuniones de Zoom. El instalador de Zoom Opener para Zoom Client for Meetings versiones anteriores a 5.10.3 y Zoom Rooms for Conference Room para Windows versiones anteriores a 5.10.3, son susceptibles de un ataque de inyecci\u00f3n de DLL. Esta vulnerabilidad podr\u00eda usarse para ejecutar c\u00f3digo arbitrario en el host de la v\u00edctima"
}
],
"id": "CVE-2022-22788",
"lastModified": "2024-11-21T06:47:27.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-15T21:15:09.243",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-15 00:15
Modified
2024-11-21 08:24
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3D39B6BA-D4BC-4502-8867-D5A5441D3196",
"versionEndExcluding": "5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access."
},
{
"lang": "es",
"value": "Una gesti\u00f3n inadecuada de privilegios en Zoom Rooms para macOS anterior a la versi\u00f3n 5.16.0 puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2023-43591",
"lastModified": "2024-11-21T08:24:27.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-15T00:15:09.237",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-280"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-18 16:15
Modified
2024-11-21 06:47
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "DDF53A4B-7533-4DDA-9BEF-C803127FEDDD",
"versionEndExcluding": "5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "1E1D0BD4-E782-4F27-8556-9C8F98396C1C",
"versionEndExcluding": "5.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version."
},
{
"lang": "es",
"value": "Zoom Client for Meetings para Windows versiones anteriores a 5.10.0 y Zoom Rooms for Conference Room para Windows versiones anteriores a 5.10.0, no comprueban apropiadamente la versi\u00f3n de instalaci\u00f3n durante el proceso de actualizaci\u00f3n. Este problema podr\u00eda ser usado en un ataque m\u00e1s sofisticado para enga\u00f1ar a un usuario para que actualice su cliente Zoom a una versi\u00f3n menos segura"
}
],
"id": "CVE-2022-22786",
"lastModified": "2024-11-21T06:47:26.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-18T16:15:08.750",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 18:15
Modified
2024-11-21 08:06
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9D36E4AC-3475-4535-B2CD-4B5A91F723F7",
"versionEndExcluding": "5.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insecure temporary file in the installer for Zoom Rooms for Windows\u00a0before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"id": "CVE-2023-34119",
"lastModified": "2024-11-21T08:06:35.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T18:15:16.363",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:38
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42436",
"lastModified": "2024-09-04T21:38:05.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:16.790",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-09 19:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B407E1BA-C5DA-45A4-A2DA-900B47E9D69E",
"versionEndExcluding": "5.11.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root."
},
{
"lang": "es",
"value": "Los clientes de Zoom Rooms para macOS anteriores a la versi\u00f3n 5.11.3 contienen una vulnerabilidad de escalada de privilegios local. Un usuario local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para escalar sus privilegios a root."
}
],
"id": "CVE-2022-36927",
"lastModified": "2024-11-21T07:14:06.197",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-09T19:15:11.313",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:14
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meetings | * | |
| zoom | meetings | * | |
| zoom | meetings | * | |
| zoom | meetings | * | |
| zoom | meetings | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | video_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
"matchCriteriaId": "249D7C05-850F-4BED-BE1B-864B3A555DC5",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "12D81D70-FA29-4921-9A20-BE8DC596F6AE",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "141007D5-4A8B-48C3-8BFB-EAF8BC3EF905",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3D39B6BA-D4BC-4502-8867-D5A5441D3196",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "62689640-F0DA-4FBA-83A9-AA29843B6E57",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "440B9710-9B66-4F17-A4EE-C1D11DF4DC76",
"versionEndExcluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "B3F99428-4438-47DA-BD2D-FF61BF1CC736",
"versionEndExcluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "392358DF-EC53-4538-A361-F467B8DFEE8B",
"versionEndExcluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "1E1A90A2-8B2E-481F-95D6-FB9E85B951CD",
"versionEndExcluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "33188B54-F6E1-4556-8A90-9DD7384AF299",
"versionEndExcluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532",
"versionEndExcluding": "5.14.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E",
"versionEndExcluding": "5.15.11",
"versionStartIncluding": "5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D",
"versionEndExcluding": "5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2023-39206",
"lastModified": "2024-11-21T08:14:54.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:09.073",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 18:15
Modified
2024-11-21 08:06
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "72486794-B1B9-4035-BF0F-7BF9E9298CD4",
"versionEndExcluding": "5.14.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"id": "CVE-2023-34118",
"lastModified": "2024-11-21T08:06:35.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.7,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T18:15:16.300",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:30
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39823",
"lastModified": "2024-09-04T21:30:22.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.437",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B72243E4-AFF7-4A69-934A-1170A6EDAE0F",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9D60A59A-2E09-48C6-82F6-995B7ADB330A",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "DEC61EA8-8A9D-4E36-9B46-2B45ED1C5DB8",
"versionEndExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "390DFFB5-7BEA-41F2-B2E1-F0FED3766C1E",
"versionEndExcluding": "5.15.12",
"versionStartExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8B90CC0C-8000-44E1-8AA1-5E67081ECD2E",
"versionEndExcluding": "5.16.10",
"versionStartExcluding": "5.15.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7",
"versionEndExcluding": "5.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en Zoom Desktop Client para Windows, Zoom VDI Client para Windows y Zoom Meeting SDK para Windows puede permitir que un usuario no autenticado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-24691",
"lastModified": "2024-11-21T08:59:30.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:47.200",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-176"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:35
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42434",
"lastModified": "2024-09-04T21:35:50.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:16.270",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-27 14:15
Modified
2024-11-21 06:10
Severity ?
Summary
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "1470544F-C876-477E-B4CC-86F666DE3833",
"versionEndExcluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation."
},
{
"lang": "es",
"value": "Durante el proceso de instalaci\u00f3n de Zoom Rooms for Conference Room para Windows versiones anteriores a 5.3.0, es posible iniciar Internet Explorer con privilegios elevados. Si el instalador se lanz\u00f3 con privilegios elevados, como por ejemplo por SCCM, esto puede resultar en una escalada de privilegios local"
}
],
"id": "CVE-2021-34411",
"lastModified": "2024-11-21T06:10:20.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-27T14:15:08.223",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-09 19:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "11698115-1441-424C-976A-D1E8A42827B1",
"versionEndExcluding": "5.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user."
},
{
"lang": "es",
"value": "Los instaladores de Zoom Rooms para Windows anteriores a la versi\u00f3n 5.13.0 contienen una vulnerabilidad de escalada de privilegios local. Un usuario local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad en una cadena de ataque para escalar sus privilegios al usuario SYSTEM."
}
],
"id": "CVE-2022-36930",
"lastModified": "2024-11-21T07:14:06.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-09T19:15:11.660",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_sdk | * | |
| zoom | rooms | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF19578-CD2C-40F8-9A97-7979CB9091DC",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61CCEE1E-F3C0-41EB-8DF2-4D3EA8600166",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B91935BE-F245-4ADD-A206-D318618BAA1D",
"versionEndExcluding": "5.15.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "517DE939-52E8-4AA5-A987-F18931242DD1",
"versionEndExcluding": "5.16.10",
"versionStartExcluding": "5.15.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5C5BD790-A2A7-4089-AF42-1FC13E0087D5",
"versionEndExcluding": "5.17.5",
"versionStartExcluding": "5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F0EA451C-C4DC-48EF-A036-3EEA3E3ADD80",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C2BF4129-CA54-4ECB-9A6B-EC28445233DF",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "AD4CD81C-1F22-45CA-8AB1-D6D59E819759",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "BB9276FF-17D3-4FDB-91BB-2CE6E8BA61A0",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7",
"versionEndExcluding": "5.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.\n"
},
{
"lang": "es",
"value": "Un error de l\u00f3gica empresarial en algunos clientes de Zoom puede permitir que un usuario autenticado realice la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-24699",
"lastModified": "2024-11-21T08:59:32.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:48.150",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 18:15
Modified
2024-11-21 08:14
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "A529300E-4547-4D4D-B2EB-762C4F107CD8",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "42FCEAAC-A453-4EDA-90A9-A82A23D8F685",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "666607A8-8F43-4B14-9CA7-D851376D05B5",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8F8E8291-00C6-49CA-AB93-5E9FD0868959",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1430CF6C-7A2B-4755-8AEC-95E706DA1F07",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "1A66A1E5-9D2A-4533-B803-6C1B74C7AA5D",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "516E7E40-A476-4277-8363-43FE4F748240",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "3674A229-D066-4C97-93C5-E30824B54742",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "6B3D7B50-B13B-45D3-AE2C-7EBB1DE30FA4",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B2DE0D4A-F97E-41D3-9906-427BEFFBDB8F",
"versionEndExcluding": "5.14.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access."
}
],
"id": "CVE-2023-39218",
"lastModified": "2024-11-21T08:14:56.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T18:15:23.997",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-602"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 22:15
Modified
2024-11-21 08:14
Severity ?
7.9 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0AE37FB8-AB87-4FCC-9D7A-375418FEE1A1",
"versionEndExcluding": "5.15.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nUntrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.\n\n"
}
],
"id": "CVE-2023-39212",
"lastModified": "2024-11-21T08:14:55.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 5.8,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T22:15:10.567",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-144"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:39
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42437",
"lastModified": "2024-09-04T21:39:02.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.047",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
7.2 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ED921F3E-F076-4037-BAE9-53BDC04F2A4C",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61CCEE1E-F3C0-41EB-8DF2-4D3EA8600166",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C7B8981-66F8-4309-98C6-63B4665229EF",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9705C2B6-78E0-4C1A-B839-58639E7E6AED",
"versionEndExcluding": "5.16.2",
"versionStartExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD5E2981-940C-448D-8449-AD4CAB1651CA",
"versionEndExcluding": "5.17.5",
"versionStartExcluding": "5.16.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8ED34AF6-F5F5-45A1-8AF1-C85064789454",
"versionEndExcluding": "5.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.\n"
},
{
"lang": "es",
"value": "Una ruta de b\u00fasqueda que no es de confianza en algunos clientes Zoom de Windows de 32 bits puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-24697",
"lastModified": "2024-11-21T08:59:31.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:47.770",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-17 23:15
Modified
2024-11-21 06:57
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "797ADEB2-DBD7-4437-97CE-FB3AC472708D",
"versionEndExcluding": "5.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D65A2943-960F-4652-A8F3-17764952C530",
"versionEndExcluding": "5.12.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client."
},
{
"lang": "es",
"value": "Las versiones de Windows de 32 bits de Zoom Client for Meetings anteriores a 5.12.6 y Zoom Rooms for Meetings anteriores a 5.12.6 son susceptibles a una vulnerabilidad de inyecci\u00f3n de DLL. Un usuario local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del cliente Zoom."
}
],
"id": "CVE-2022-28766",
"lastModified": "2024-11-21T06:57:53.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-17T23:15:15.007",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-11 13:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24022 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | workplace | * | |
| zoom | workplace | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "7873F707-9530-44FE-B131-89B0C7DA5E46",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9CC375E1-4E35-4F9F-86CB-C428D610B10A",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "66948E12-ED01-44A2-B0B0-A2C8C643ACFB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "E912DE5E-BF3D-4E73-B302-BB106AFA733D",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E3E50584-63DB-4C50-949B-D79212E331DB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C12B253E-09FA-443A-8B05-95C7F988D733",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "F330E04D-D575-4AD1-BB0E-BA6C3F647BCC",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0CD4E04-F0AA-4BBA-90F7-4C350834177F",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9865654B-CA09-4D71-AA0B-9546860AA9FC",
"versionEndExcluding": "5.17.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access."
},
{
"lang": "es",
"value": " El fallo del mecanismo de protecci\u00f3n para algunas aplicaciones y SDK de Zoom Workplace puede permitir que un usuario autenticado realice la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39818",
"lastModified": "2024-09-11T13:27:30.923",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:14.957",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24022"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-13 18:15
Modified
2024-11-21 08:06
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3B7131D9-0B21-4DC3-A7FF-C318D862211C",
"versionEndExcluding": "5.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "2EEE52E3-E80E-4CD2-B778-95F513E5EBFF",
"versionEndExcluding": "5.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FF7C01-346E-4FF6-BDDF-6B642EE08130",
"versionEndExcluding": "5.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access."
}
],
"id": "CVE-2023-34121",
"lastModified": "2024-11-21T08:06:35.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-13T18:15:21.987",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meetings | * | |
| zoom | meetings | * | |
| zoom | meetings | * | |
| zoom | meetings | * | |
| zoom | meetings | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | video_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6542B8C0-31B4-40A0-B6F3-136C5A16EFE8",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "5722E765-C79A-4A21-9E03-2634D5E7F2F9",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "86B49D79-7C51-46BE-87C2-93717D687531",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "F6679219-E822-4E14-98CF-1661E343143E",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "63776027-642A-4B76-A561-F658045ECBD3",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "81A22013-04BC-4F45-8295-81C5FD441FC1",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "B399594A-A021-4CCF-BD2D-3E43FC0BF8B2",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0DACEF42-D48D-4CDD-B72C-0C1C2A63DF96",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5C73290C-5F04-40AC-BFD8-64E2E53E3EF0",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "C29E2E20-94A0-4516-8815-F634290D1C3A",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "10213F87-D42E-47F0-A0E4-3EEC68D024B8",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "6E3A49AF-5716-4516-8BC5-2DF788E6608C",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "24D1C345-4BF0-4027-A7C1-4D2FD8106EFB",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "DE7C3EFB-8CDF-447F-BDFC-2914C7DF8449",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532",
"versionEndExcluding": "5.14.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E",
"versionEndExcluding": "5.15.11",
"versionStartIncluding": "5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "229A05D6-27BE-46A0-ADA8-C37873A24EA0",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "42CDC31F-325B-43A1-8266-34317C644630",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C7B42405-380C-42AD-9B87-99EB92E433BE",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "351C219A-492B-4DC8-B92F-1B609A16459A",
"versionEndExcluding": "5.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3D834D47-BF15-461E-A908-3F7A919C2ED2",
"versionEndExcluding": "5.15.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2023-39204",
"lastModified": "2024-11-21T08:14:54.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T23:15:08.687",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-16 21:15
Modified
2024-11-21 07:45
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "4D678B4D-3E7B-4130-98C8-4776FB746AFB",
"versionEndExcluding": "5.13.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E0A18B3A-9C99-4865-A353-47343CF7E6A7",
"versionEndExcluding": "5.13.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "4603F137-E9B9-4F66-8431-8ABDF1DBFE0C",
"versionEndExcluding": "5.13.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft\u2019s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft\u2019s telemetry behavior."
}
],
"id": "CVE-2023-22880",
"lastModified": "2024-11-21T07:45:34.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-16T21:15:12.893",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-15 00:15
Modified
2024-11-21 08:24
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3D39B6BA-D4BC-4502-8867-D5A5441D3196",
"versionEndExcluding": "5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.\n"
},
{
"lang": "es",
"value": "El seguimiento de enlaces en Zoom Rooms para macOS anteriores a la versi\u00f3n 5.16.0 puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2023-43590",
"lastModified": "2024-11-21T08:24:27.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-15T00:15:09.050",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-11 18:15
Modified
2024-11-21 08:09
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "72486794-B1B9-4035-BF0F-7BF9E9298CD4",
"versionEndExcluding": "5.14.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"id": "CVE-2023-36537",
"lastModified": "2024-11-21T08:09:53.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.7,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-11T18:15:20.307",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-27 21:15
Modified
2025-02-19 16:15
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "9A22E1F9-8302-4990-8118-4A2D6A38A605",
"versionEndExcluding": "5.13.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "2F296A18-F2FE-44F8-A803-F5CEE0FEE3CD",
"versionEndExcluding": "5.13.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "BD7706B3-16ED-44E8-B41C-C55E8C715713",
"versionEndExcluding": "5.13.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "17083D16-FEE1-4DE4-8EBC-FBCA89AC3DD1",
"versionEndExcluding": "5.13.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "186D705B-003C-4991-93FC-AA71C1656C68",
"versionEndExcluding": "5.13.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "54800A16-98E2-4903-B2B0-D5C66C4AC845",
"versionEndExcluding": "5.13.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "35139855-F16B-4149-88EE-05C0C4040C38",
"versionEndExcluding": "5.13.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "1C4200BC-CF56-4795-80EF-0E4D3A43F883",
"versionEndExcluding": "5.13.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "A31F4838-E56D-4C7E-BA09-17E10D54A273",
"versionEndExcluding": "5.13.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "DDDF143E-324E-4D0C-83D1-2E66DDE760E2",
"versionEndExcluding": "5.13.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB64BAF-EB86-40B9-A123-7C1C7EFDE5AC",
"versionEndExcluding": "5.13.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom\u2019s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user\u0027s device and data, and remote code execution."
}
],
"id": "CVE-2023-28597",
"lastModified": "2025-02-19T16:15:37.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-27T21:15:12.260",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-501"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-501"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 18:15
Modified
2024-11-21 08:09
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "A529300E-4547-4D4D-B2EB-762C4F107CD8",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "42FCEAAC-A453-4EDA-90A9-A82A23D8F685",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "666607A8-8F43-4B14-9CA7-D851376D05B5",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8F8E8291-00C6-49CA-AB93-5E9FD0868959",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1430CF6C-7A2B-4755-8AEC-95E706DA1F07",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "1A66A1E5-9D2A-4533-B803-6C1B74C7AA5D",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "516E7E40-A476-4277-8363-43FE4F748240",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "3674A229-D066-4C97-93C5-E30824B54742",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "6B3D7B50-B13B-45D3-AE2C-7EBB1DE30FA4",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B2DE0D4A-F97E-41D3-9906-427BEFFBDB8F",
"versionEndExcluding": "5.14.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n del lado del cliente de la seguridad del lado del servidor en los clientes en Zoom anteriores a la versi\u00f3n 5.14.10 puede permitir que un usuario autenticado permita la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2023-36535",
"lastModified": "2024-11-21T08:09:53.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T18:15:14.207",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-449"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:36
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42435",
"lastModified": "2024-09-04T21:36:53.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:16.510",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24029 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | workplace | * | |
| zoom | workplace | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "3317B66C-1FBB-4F9C-BC87-8AE4A18D96EE",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D300722C-BFDD-45B5-AA62-4ADE987B1B08",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "DDDA5ACF-B421-451F-997B-3A11CA39EAD8",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F607299C-CA29-49AE-98E6-E26DF095D649",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E6290901-6547-4AAF-89D2-D95A8AF8FA4F",
"versionEndExcluding": "6.0.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39822",
"lastModified": "2024-09-04T21:28:37.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.207",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24029"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-17 23:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D65A2943-960F-4652-A8F3-17764952C530",
"versionEndExcluding": "5.12.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user."
},
{
"lang": "es",
"value": "El instalador de Zoom Rooms para Windows anterior a 5.12.6 contiene una vulnerabilidad de escalada de privilegios local. Un usuario local con pocos privilegios podr\u00eda aprovechar esta vulnerabilidad durante el proceso de instalaci\u00f3n para escalar sus privilegios al usuario del SYSTEM."
}
],
"id": "CVE-2022-36924",
"lastModified": "2024-11-21T07:14:05.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-17T23:15:17.667",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 22:15
Modified
2024-11-21 08:14
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0AE37FB8-AB87-4FCC-9D7A-375418FEE1A1",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61B77771-BBE7-49A8-82C4-0DC27D3D0E97",
"versionEndExcluding": "5.15.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access."
}
],
"id": "CVE-2023-39211",
"lastModified": "2024-11-21T08:14:55.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T22:15:10.473",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:34
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24022 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | workplace | * | |
| zoom | workplace | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "7873F707-9530-44FE-B131-89B0C7DA5E46",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9CC375E1-4E35-4F9F-86CB-C428D610B10A",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "66948E12-ED01-44A2-B0B0-A2C8C643ACFB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "E912DE5E-BF3D-4E73-B302-BB106AFA733D",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E3E50584-63DB-4C50-949B-D79212E331DB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C12B253E-09FA-443A-8B05-95C7F988D733",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "F330E04D-D575-4AD1-BB0E-BA6C3F647BCC",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0CD4E04-F0AA-4BBA-90F7-4C350834177F",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9865654B-CA09-4D71-AA0B-9546860AA9FC",
"versionEndExcluding": "5.17.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones de Zoom Workplace y Rooms Clients puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39825",
"lastModified": "2024-09-04T21:34:15.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.890",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24022"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-09 19:15
Modified
2024-11-21 07:14
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "A4384482-1475-4DDF-8C12-1E932B6F7F7D",
"versionEndExcluding": "5.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service."
},
{
"lang": "es",
"value": "Los clientes de Zoom Rooms para macOS anteriores a la versi\u00f3n 5.11.4 contienen un mecanismo de generaci\u00f3n de claves inseguro. La clave de cifrado utilizada para IPC entre el servicio demonio de Zoom Rooms y el cliente de Zoom Rooms se gener\u00f3 utilizando par\u00e1metros que podr\u00edan obtenerse mediante una aplicaci\u00f3n local con pocos privilegios. Luego, esa clave se puede utilizar para interactuar con el servicio demonio para ejecutar funciones privilegiadas y provocar una denegaci\u00f3n de servicio local."
}
],
"id": "CVE-2022-36925",
"lastModified": "2024-11-21T07:14:05.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-09T19:15:10.987",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-321"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2024-24697
Vulnerability from cvelistv5
Published
2024-02-13 23:53
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.\u003cbr\u003e"
}
],
"value": "Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T23:53:43.589Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - Untrusted Search Path",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24697",
"datePublished": "2024-02-13T23:53:43.589Z",
"dateReserved": "2024-01-26T22:56:14.681Z",
"dateUpdated": "2024-08-01T23:28:11.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28752
Vulnerability from cvelistv5
Published
2022-08-17 21:06
Modified
2024-09-17 03:58
Severity ?
EPSS score ?
Summary
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://explore.zoom.us/en/trust/security/security-bulletin/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Room for Conference Room for Windows |
Version: unspecified < 5.11.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Room for Conference Room for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "sim0nsecurity"
}
],
"datePublic": "2022-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T21:06:50",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in the Zoom Rooms for Windows Client",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2022-08-09",
"ID": "CVE-2022-28752",
"STATE": "PUBLIC",
"TITLE": "Local Privilege Escalation in the Zoom Rooms for Windows Client"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Room for Conference Room for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.11.0"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "sim0nsecurity"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-28752",
"datePublished": "2022-08-17T21:06:50.206218Z",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-09-17T03:58:48.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34409
Vulnerability from cvelistv5
Published
2021-09-27 13:55
Modified
2024-09-16 23:46
Severity ?
EPSS score ?
Summary
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://explore.zoom.us/en/trust/security/security-bulletin | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zoom Video Communications Inc | Zoom Client for Meetings for MacOS (Standard and for IT Admin) |
Version: unspecified < 5.2.0 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Client for Meetings for MacOS (Standard and for IT Admin)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Client Plugin for Sharing iPhone/iPad",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Rooms for Conference",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lockheed Martin Red Team"
}
],
"datePublic": "2021-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user\u0027s machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-14T19:28:13",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"source": {
"discovery": "USER"
},
"title": "Zoom Client Installer Local Privilege Escalation",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Zoom Communications Inc",
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2021-12-14T15:00:00.000Z",
"ID": "CVE-2021-34409",
"STATE": "PUBLIC",
"TITLE": "Zoom Client Installer Local Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings for MacOS (Standard and for IT Admin)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.2.0"
}
]
}
},
{
"product_name": "Zoom Client Plugin for Sharing iPhone/iPad",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.2.0"
}
]
}
},
{
"product_name": "Zoom Rooms for Conference",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.1.0"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lockheed Martin Red Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user\u0027s machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Creation of Temporary File in Directory with Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://explore.zoom.us/en/trust/security/security-bulletin",
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2021-34409",
"datePublished": "2021-09-27T13:55:40.225848Z",
"dateReserved": "2021-06-09T00:00:00",
"dateUpdated": "2024-09-16T23:46:09.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-24699
Vulnerability from cvelistv5
Published
2024-02-13 23:58
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T14:00:35.091787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:37.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"iOS",
"Linux",
"Android"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.\u003cbr\u003e"
}
],
"value": "Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-441",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-441 Malicious Logic Insertion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Business Logic Error",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T23:58:44.327Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - Business Logic Error",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24699",
"datePublished": "2024-02-13T23:58:44.327Z",
"dateReserved": "2024-01-26T22:56:14.681Z",
"dateUpdated": "2024-08-01T23:28:11.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36929
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms for Windows |
Version: unspecified < 5.12.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:31.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.12.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Zoom Rooms for Windows Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-36929",
"datePublished": "2023-01-09T00:00:00",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:31.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39211
Vulnerability from cvelistv5
Published
2023-08-08 21:30
Modified
2024-10-10 16:20
Severity ?
EPSS score ?
Summary
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows and Zoom Rooms for Windows |
Version: before 5.15.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:05.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:20:08.759908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:20:17.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows and Zoom Rooms for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.15.5"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access."
}
],
"value": "Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:04:41.063Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39211",
"datePublished": "2023-08-08T21:30:46.350Z",
"dateReserved": "2023-07-25T18:38:00.938Z",
"dateUpdated": "2024-10-10T16:20:17.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-24691
Vulnerability from cvelistv5
Published
2024-02-14 00:01
Modified
2024-09-20 14:48
Severity ?
EPSS score ?
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.\u003cbr\u003e"
}
],
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-176",
"description": "CWE-176: Improper Handling of Unicode Encoding",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:48:21.535Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24691",
"datePublished": "2024-02-14T00:01:30.884Z",
"dateReserved": "2024-01-26T22:56:14.680Z",
"dateUpdated": "2024-09-20T14:48:21.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-24692
Vulnerability from cvelistv5
Published
2024-03-13 19:27
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms Client for Windows |
Version: before version 5.17.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T15:52:00.471613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:08.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Rooms Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before version 5.17.5"
}
]
}
],
"datePublic": "2024-03-12T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access."
}
],
"value": "Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access."
}
],
"impacts": [
{
"capecId": "CAPEC-29",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T19:27:30.446Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Rooms Client for Windows - Race Condition",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24692",
"datePublished": "2024-03-13T19:27:30.446Z",
"dateReserved": "2024-01-26T22:56:14.680Z",
"dateUpdated": "2024-08-01T23:28:11.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42434
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-15 13:36
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:36:35.542410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T13:36:48.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:38.167Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42434",
"datePublished": "2024-08-14T16:39:38.167Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-15T13:36:48.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42435
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-15 13:58
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:57:52.940338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T13:58:02.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:46.183Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42435",
"datePublished": "2024-08-14T16:39:46.183Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-15T13:58:02.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42440
Vulnerability from cvelistv5
Published
2024-08-14 16:44
Modified
2024-08-14 18:06
Severity ?
EPSS score ?
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS |
Version: before version 6.1.5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:macos_meeting_sdk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "macos_meeting_sdk",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unaffected",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unaffected",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:58:35.327020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:06:25.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "before version 6.1.5"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
}
],
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:46:10.026Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24034"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42440",
"datePublished": "2024-08-14T16:44:46.080Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-14T18:06:25.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34411
Vulnerability from cvelistv5
Published
2021-09-27 13:55
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://explore.zoom.us/en/trust/security/security-bulletin/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Zoom Rooms for Conference Room for Windows |
Version: All versions before 5.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms for Conference Room for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 5.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-01T21:01:26",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zoom.us",
"ID": "CVE-2021-34411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Rooms for Conference Room for Windows",
"version": {
"version_data": [
{
"version_value": "All versions before 5.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"refsource": "CONFIRM",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2021-34411",
"datePublished": "2021-09-27T13:55:50",
"dateReserved": "2021-06-09T00:00:00",
"dateUpdated": "2024-08-04T00:12:50.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39218
Vulnerability from cvelistv5
Published
2023-08-08 17:54
Modified
2024-10-10 16:20
Severity ?
EPSS score ?
Summary
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: before 5.14.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:05.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39218",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:20:49.320796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:20:58.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.10"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access."
}
],
"value": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22: Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:54:59.577Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39218",
"datePublished": "2023-08-08T17:54:59.577Z",
"dateReserved": "2023-07-25T18:38:00.939Z",
"dateUpdated": "2024-10-10T16:20:58.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36926
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2024-08-03 10:14
Severity ?
EPSS score ?
Summary
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms for macOS |
Version: unspecified < 5.11.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:29.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms for macOS",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Zoom Rooms for macOS Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-36926",
"datePublished": "2023-01-09T00:00:00",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:14:29.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28597
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2025-02-19 15:27
Severity ?
EPSS score ?
Summary
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zoom Video Communications Inc | Zoom (for Android, iOS, Linux, macOS, and Windows) |
Version: unspecified < 5.13.5 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:22.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T15:26:38.358743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501 Trust Boundary Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:27:48.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zoom (for Android, iOS, Linux, macOS, and Windows)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.13.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Rooms (for Android, iOS, Linux, macOS, and Windows)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.13.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom VDI for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.13.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom\u2019s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user\u0027s device and data, and remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501: Trust Boundary Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T00:00:00.000Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Improper trust boundary implementation for SMB in Zoom Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-28597",
"datePublished": "2023-03-27T00:00:00.000Z",
"dateReserved": "2023-03-17T00:00:00.000Z",
"dateUpdated": "2025-02-19T15:27:48.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-43591
Vulnerability from cvelistv5
Published
2023-11-14 23:16
Modified
2024-09-27 19:19
Severity ?
EPSS score ?
Summary
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms for macOS |
Version: before 5.16.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T17:19:29.418586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:20:54.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Rooms for macOS",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.16.0"
}
]
}
],
"datePublic": "2023-11-14T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.\u003cbr\u003e"
}
],
"value": "Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:19:10.330Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-43591",
"datePublished": "2023-11-14T23:16:55.146Z",
"dateReserved": "2023-09-19T22:05:40.666Z",
"dateUpdated": "2024-09-27T19:19:10.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42441
Vulnerability from cvelistv5
Published
2024-08-14 16:46
Modified
2024-08-16 13:17
Severity ?
EPSS score ?
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS |
Version: before version 6.1.5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:macos_meeting_sdk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos_meeting_sdk",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:31:24.474262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:17:55.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "before version 6.1.5"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
}
],
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:46:17.936Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24034"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42441",
"datePublished": "2024-08-14T16:46:17.936Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-16T13:17:55.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36930
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms for Windows |
Version: unspecified < 5.13.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:31.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.13.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Zoom Rooms for Windows Installers",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-36930",
"datePublished": "2023-01-09T00:00:00",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:21:31.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36538
Vulnerability from cvelistv5
Published
2023-07-11 17:12
Modified
2024-10-23 15:41
Severity ?
EPSS score ?
Summary
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms for Windows |
Version: before 5.15.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T15:34:00.567004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T15:41:31.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Rooms for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.15.0"
}
]
}
],
"datePublic": "2023-07-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\u003cbr\u003e"
}
],
"value": "Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T13:51:25.061Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-36538",
"datePublished": "2023-07-11T17:12:17.255Z",
"dateReserved": "2023-06-22T18:04:31.169Z",
"dateUpdated": "2024-10-23T15:41:31.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36535
Vulnerability from cvelistv5
Published
2023-08-08 17:39
Modified
2024-10-08 15:03
Severity ?
EPSS score ?
Summary
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: before 5.14.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T15:00:22.199594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T15:03:49.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.10"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access."
}
],
"value": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-449",
"description": "CWE-449: The UI Performs the Wrong Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T18:47:30.828Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-36535",
"datePublished": "2023-08-08T17:39:51.259Z",
"dateReserved": "2023-06-22T18:04:31.168Z",
"dateUpdated": "2024-10-08T15:03:49.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42437
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 17:44
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:34:09.873943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T17:44:29.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:41:12.866Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42437",
"datePublished": "2024-08-14T16:41:12.866Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-14T17:44:29.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39202
Vulnerability from cvelistv5
Published
2023-11-14 22:17
Modified
2024-08-29 15:21
Severity ?
EPSS score ?
Summary
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms Client for Windows and Zoom VDI Client |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:11:50.788187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:21:02.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Rooms Client for Windows and Zoom VDI Client",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2023-11-14T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access."
}
],
"value": "Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:19:51.335Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39202",
"datePublished": "2023-11-14T22:17:33.784Z",
"dateReserved": "2023-07-25T18:37:58.424Z",
"dateUpdated": "2024-08-29T15:21:02.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36927
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2024-08-03 10:14
Severity ?
EPSS score ?
Summary
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms for macOS |
Version: unspecified < 5.11.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:29.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms for macOS",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Zoom Rooms for macOS Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-36927",
"datePublished": "2023-01-09T00:00:00",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:14:29.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36539
Vulnerability from cvelistv5
Published
2023-06-30 02:01
Modified
2024-10-28 13:04
Severity ?
EPSS score ?
Summary
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom clients |
Version: See references link for ZSB-23025 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T13:04:31.982326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T13:04:46.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "See references link for ZSB-23025"
}
]
}
],
"datePublic": "2023-06-30T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(247, 247, 250);\"\u003eExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\u003c/span\u003e"
}
],
"value": "Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325 Missing Cryptographic Step",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:25:53.635Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-36539",
"datePublished": "2023-06-30T02:01:21.401Z",
"dateReserved": "2023-06-22T18:04:31.169Z",
"dateUpdated": "2024-10-28T13:04:46.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34118
Vulnerability from cvelistv5
Published
2023-07-11 17:01
Modified
2024-10-22 20:34
Severity ?
EPSS score ?
Summary
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms for Windows |
Version: before 5.14.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:30:52.521794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:34:26.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Rooms for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.5"
}
]
}
],
"datePublic": "2023-07-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\u003cbr\u003e"
}
],
"value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:29:43.915Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-34118",
"datePublished": "2023-07-11T17:01:56.053Z",
"dateReserved": "2023-05-25T22:01:29.097Z",
"dateUpdated": "2024-10-22T20:34:26.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-24698
Vulnerability from cvelistv5
Published
2024-02-13 23:56
Modified
2024-09-27 19:28
Severity ?
EPSS score ?
Summary
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T15:30:17.531210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:32.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"iOS",
"Linux",
"Android"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.\u003cbr\u003e"
}
],
"value": "Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-449",
"description": "CWE-449: The UI Performs the Wrong Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:28:28.333Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24698",
"datePublished": "2024-02-13T23:56:14.515Z",
"dateReserved": "2024-01-26T22:56:14.681Z",
"dateUpdated": "2024-09-27T19:28:28.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39212
Vulnerability from cvelistv5
Published
2023-08-08 21:32
Modified
2024-10-04 17:31
Severity ?
EPSS score ?
Summary
Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms for Windows |
Version: before 5.15.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39212",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T17:29:36.000195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T17:31:17.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Rooms for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.15.5"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUntrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.\n\n"
}
],
"value": "\nUntrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-144",
"description": "CWE-144: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T21:32:20.220Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39212",
"datePublished": "2023-08-08T21:32:20.220Z",
"dateReserved": "2023-07-25T18:38:00.938Z",
"dateUpdated": "2024-10-04T17:31:17.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36925
Vulnerability from cvelistv5
Published
2023-01-09 00:00
Modified
2024-08-03 10:14
Severity ?
EPSS score ?
Summary
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms for macOS |
Version: unspecified < 5.11.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:29.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms for macOS",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.11.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure key generation for Zoom Rooms for macOS Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-36925",
"datePublished": "2023-01-09T00:00:00",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-08-03T10:14:29.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36532
Vulnerability from cvelistv5
Published
2023-08-08 17:30
Modified
2024-10-09 16:25
Severity ?
EPSS score ?
Summary
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: before 5.14.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T16:16:56.351712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T16:25:28.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.5"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access."
}
],
"value": "Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:30:58.217Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-36532",
"datePublished": "2023-08-08T17:30:58.217Z",
"dateReserved": "2023-06-22T18:04:31.168Z",
"dateUpdated": "2024-10-09T16:25:28.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39206
Vulnerability from cvelistv5
Published
2023-11-14 23:02
Modified
2024-08-29 15:45
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:33:18.137787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:45:07.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2023-11-14T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T23:02:41.332Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39206",
"datePublished": "2023-11-14T23:02:41.332Z",
"dateReserved": "2023-07-25T18:37:58.424Z",
"dateUpdated": "2024-08-29T15:45:07.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39824
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-14 18:07
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:07:03.024733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:07:26.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:26.880Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39824",
"datePublished": "2024-08-14T16:39:26.880Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-14T18:07:26.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34121
Vulnerability from cvelistv5
Published
2023-06-13 17:42
Modified
2025-01-02 20:00
Severity ?
EPSS score ?
Summary
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zoom Video Communications, Inc. | Zoom for Windows |
Version: before 5.14.0 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:53.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T19:59:23.228944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T20:00:09.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Zoom Rooms Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Zoom VDI for Windows Meeting Clients",
"vendor": "ZoomZoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.0"
}
]
}
],
"datePublic": "2023-06-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access."
}
],
"value": "Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153: Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:34:39.015Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-34121",
"datePublished": "2023-06-13T17:42:17.823Z",
"dateReserved": "2023-05-25T22:01:29.098Z",
"dateUpdated": "2025-01-02T20:00:09.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22788
Vulnerability from cvelistv5
Published
2022-06-15 20:12
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://explore.zoom.us/en/trust/security/security-bulletin/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zoom Video Communications Inc | Zoom Client for Meetings |
Version: unspecified < 5.10.3 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Client for Meetings",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.10.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "All Zoom Rooms for Conference Room for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.10.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by James Tsz Ko Yeung"
}
],
"datePublic": "2022-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T20:12:24",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "USER"
},
"title": "DLL injection in Zoom Opener installer for Zoom and Zoom Rooms clients",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2022-06-14T12:00:00.000Z",
"ID": "CVE-2022-22788",
"STATE": "PUBLIC",
"TITLE": "DLL injection in Zoom Opener installer for Zoom and Zoom Rooms clients"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.10.3"
}
]
}
},
{
"product_name": "All Zoom Rooms for Conference Room for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.10.3"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by James Tsz Ko Yeung"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-22788",
"datePublished": "2022-06-15T20:12:24.369929Z",
"dateReserved": "2022-01-07T00:00:00",
"dateUpdated": "2024-09-16T20:17:33.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22880
Vulnerability from cvelistv5
Published
2023-03-16 00:00
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zoom Video Communications Inc | Zoom for Windows |
Version: unspecified < 5.13.3 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:31.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Rooms for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom VDI for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft\u2019s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft\u2019s telemetry behavior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Information Disclosure in Zoom for Windows Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-22880",
"datePublished": "2023-03-16T00:00:00",
"dateReserved": "2023-01-09T00:00:00",
"dateUpdated": "2024-08-02T10:20:31.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39825
Vulnerability from cvelistv5
Published
2024-08-14 16:34
Modified
2024-08-16 13:28
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps and Rooms Clients |
Version: see references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*",
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_app",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vdi_windows_meeting_client",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*",
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_app",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vdi_windows_meeting_client",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T04:01:49.345375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:28:41.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps and Rooms Clients",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:34:53.595Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24022"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps and Rooms Clients - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39825",
"datePublished": "2024-08-14T16:34:53.595Z",
"dateReserved": "2024-06-28T19:43:03.520Z",
"dateUpdated": "2024-08-16T13:28:41.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42438
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-16 20:05
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T20:04:49.519001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T20:05:07.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:41:18.732Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42438",
"datePublished": "2024-08-14T16:41:18.732Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-16T20:05:07.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39823
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-14 17:24
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:24:09.496617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T17:24:16.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:13.132Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39823",
"datePublished": "2024-08-14T16:39:13.132Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-14T17:24:16.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39818
Vulnerability from cvelistv5
Published
2024-08-14 16:36
Modified
2024-08-16 13:26
Severity ?
EPSS score ?
Summary
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps and SDKs |
Version: see references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_app",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vdi_windows_meeting_client",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:34:38.585943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:26:38.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps and SDKs",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access."
}
],
"value": "Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:36:37.347Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24022"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps and SDKs - Protection Mechanism Failure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39818",
"datePublished": "2024-08-14T16:36:37.347Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-16T13:26:38.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36924
Vulnerability from cvelistv5
Published
2022-11-17 22:37
Modified
2024-09-16 19:36
Severity ?
EPSS score ?
Summary
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms Installer for Windows |
Version: unspecified < 5.12.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:29.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms Installer for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-17T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Zoom Rooms Installer for Windows",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-36924",
"datePublished": "2022-11-17T22:37:00.188914Z",
"dateReserved": "2022-07-27T00:00:00",
"dateUpdated": "2024-09-16T19:36:44.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22786
Vulnerability from cvelistv5
Published
2022-05-18 15:42
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.
References
| ▼ | URL | Tags |
|---|---|---|
| https://explore.zoom.us/en/trust/security/security-bulletin | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zoom Video Communications Inc | Zoom Client for Meetings for Windows |
Version: unspecified < 5.10.0 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Client for Meetings for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Rooms for Conference Room for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ivan Fratric of Google Project Zero"
}
],
"datePublic": "2022-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Less Trusted Source",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-18T15:42:46",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"source": {
"discovery": "USER"
},
"title": "Update package downgrade in Zoom Client for Meetings for Windows",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Zoom Video Communications Inc",
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2022-05-17T12:00:00.000Z",
"ID": "CVE-2022-22786",
"STATE": "PUBLIC",
"TITLE": "Update package downgrade in Zoom Client for Meetings for Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.10.0"
}
]
}
},
{
"product_name": "Zoom Rooms for Conference Room for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.10.0"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ivan Fratric of Google Project Zero"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Less Trusted Source"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://explore.zoom.us/en/trust/security/security-bulletin",
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-22786",
"datePublished": "2022-05-18T15:42:46.414562Z",
"dateReserved": "2022-01-07T00:00:00",
"dateUpdated": "2024-09-16T18:38:27.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-24693
Vulnerability from cvelistv5
Published
2024-03-13 19:30
Modified
2024-09-20 14:45
Severity ?
EPSS score ?
Summary
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms Client for Windows |
Version: before version 5.17.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T13:44:12.176188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:18.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Rooms Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before version 5.17.5"
}
]
}
],
"datePublic": "2024-03-12T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:45:54.008Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24009/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Rooms Client for Windows - Improper Access Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24693",
"datePublished": "2024-03-13T19:30:22.311Z",
"dateReserved": "2024-01-26T22:56:14.680Z",
"dateUpdated": "2024-09-20T14:45:54.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39822
Vulnerability from cvelistv5
Published
2024-08-14 16:38
Modified
2024-08-16 19:18
Severity ?
EPSS score ?
Summary
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T19:18:36.184406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T19:18:44.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:38:03.416Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24029"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39822",
"datePublished": "2024-08-14T16:38:03.416Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-16T19:18:44.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39199
Vulnerability from cvelistv5
Published
2023-11-14 23:06
Modified
2024-09-19 13:50
Severity ?
EPSS score ?
Summary
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:05.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:33:25.333843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:44:49.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2023-11-14T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325 Missing Cryptographic Step",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:50:58.529Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39199",
"datePublished": "2023-11-14T23:06:21.805Z",
"dateReserved": "2023-07-25T18:37:58.423Z",
"dateUpdated": "2024-09-19T13:50:58.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39214
Vulnerability from cvelistv5
Published
2023-08-08 21:38
Modified
2024-09-27 19:07
Severity ?
EPSS score ?
Summary
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom SDK's |
Version: before 5.15.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom SDK\u0027s",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.15.5"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of sensitive information in Zoom Client SDK\u0027s before 5.15.5 may allow an authenticated user to enable a denial of service via network access."
}
],
"value": "Exposure of sensitive information in Zoom Client SDK\u0027s before 5.15.5 may allow an authenticated user to enable a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:07:24.020Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39214",
"datePublished": "2023-08-08T21:38:25.554Z",
"dateReserved": "2023-07-25T18:38:00.938Z",
"dateUpdated": "2024-09-27T19:07:24.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-43590
Vulnerability from cvelistv5
Published
2023-11-14 23:15
Modified
2024-08-29 17:23
Severity ?
EPSS score ?
Summary
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms for macOS |
Version: before 5.16.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T17:23:15.568469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:23:41.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Rooms for macOS",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.16.0"
}
]
}
],
"datePublic": "2023-11-14T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.\u003cbr\u003e"
}
],
"value": "Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T23:15:12.437Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-43590",
"datePublished": "2023-11-14T23:15:12.437Z",
"dateReserved": "2023-09-19T22:05:40.666Z",
"dateUpdated": "2024-08-29T17:23:41.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36536
Vulnerability from cvelistv5
Published
2023-07-11 17:06
Modified
2024-11-07 19:22
Severity ?
EPSS score ?
Summary
Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms for Windows |
Version: before 5.15.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T19:22:04.000236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T19:22:23.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Rooms for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.15.0"
}
]
}
],
"datePublic": "2023-07-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": " Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\u003cbr\u003e"
}
],
"value": " Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38: Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T20:15:30.170Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-36536",
"datePublished": "2023-07-11T17:06:59.410Z",
"dateReserved": "2023-06-22T18:04:31.169Z",
"dateUpdated": "2024-11-07T19:22:23.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28766
Vulnerability from cvelistv5
Published
2022-11-17 22:36
Modified
2024-09-16 22:31
Severity ?
EPSS score ?
Summary
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zoom Video Communications Inc | Zoom Client for Meetings for Windows (32-bit) |
Version: unspecified < 5.12.6 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Client for Meetings for Windows (32-bit)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom VDI Windows Meeting Client for Windows (32-bit)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Rooms for Conference Room for Windows (32-bit)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-17T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL injection in Zoom Windows Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-28766",
"datePublished": "2022-11-17T22:36:56.734031Z",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-09-16T22:31:26.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34119
Vulnerability from cvelistv5
Published
2023-07-11 17:05
Modified
2024-11-07 17:17
Severity ?
EPSS score ?
Summary
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms for Windows |
Version: before 5.15.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T17:12:55.127925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T17:17:10.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Rooms for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.15.0"
}
]
}
],
"datePublic": "2023-07-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure temporary file in the installer for Zoom Rooms for Windows\u0026nbsp;before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\u003cbr\u003e"
}
],
"value": "Insecure temporary file in the installer for Zoom Rooms for Windows\u00a0before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:31:02.915Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-34119",
"datePublished": "2023-07-11T17:05:11.530Z",
"dateReserved": "2023-05-25T22:01:29.097Z",
"dateUpdated": "2024-11-07T17:17:10.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28764
Vulnerability from cvelistv5
Published
2022-11-14 20:17
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Zoom Video Communications Inc | Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) |
Version: unspecified < 5.12.6 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom VDI Windows Meeting Clients",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local information exposure in Zoom Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-28764",
"datePublished": "2022-11-14T20:17:59.455063Z",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-09-17T03:13:55.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39204
Vulnerability from cvelistv5
Published
2023-11-14 22:28
Modified
2024-08-29 15:20
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:12:00.315832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:20:45.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2023-11-14T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T22:28:44.622Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39204",
"datePublished": "2023-11-14T22:28:44.622Z",
"dateReserved": "2023-07-25T18:37:58.424Z",
"dateUpdated": "2024-08-29T15:20:45.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42436
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 18:25
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:25:38.974048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:25:52.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:41:03.844Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42436",
"datePublished": "2024-08-14T16:41:03.844Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-14T18:25:52.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-36537
Vulnerability from cvelistv5
Published
2023-07-11 17:09
Modified
2024-10-23 15:41
Severity ?
EPSS score ?
Summary
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Rooms for Windows |
Version: before 5.14.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T15:40:47.463139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T15:41:06.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Rooms for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.5"
}
]
}
],
"datePublic": "2023-07-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\u003cbr\u003e"
}
],
"value": "Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:54:00.431Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-36537",
"datePublished": "2023-07-11T17:09:13.924Z",
"dateReserved": "2023-06-22T18:04:31.169Z",
"dateUpdated": "2024-10-23T15:41:06.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-43582
Vulnerability from cvelistv5
Published
2023-11-14 23:12
Modified
2024-09-19 13:52
Severity ?
EPSS score ?
Summary
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:33:44.880769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:38:56.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2023-11-14T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.\u003cbr\u003e"
}
],
"value": "Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-939",
"description": "CWE-939 Improper Authorization in Handler for Custom URL Scheme",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:52:36.217Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-43582",
"datePublished": "2023-11-14T23:12:32.799Z",
"dateReserved": "2023-09-19T22:05:40.665Z",
"dateUpdated": "2024-09-19T13:52:36.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-24690
Vulnerability from cvelistv5
Published
2024-02-14 00:00
Modified
2024-09-20 14:50
Severity ?
EPSS score ?
Summary
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T18:16:12.891310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T18:16:23.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"iOS",
"Linux",
"Android"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e"
}
],
"value": "Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284: Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:50:06.835Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24690",
"datePublished": "2024-02-14T00:00:04.089Z",
"dateReserved": "2024-01-26T22:56:14.680Z",
"dateUpdated": "2024-09-20T14:50:06.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}