Vulnerabilites related to zoom - workplace
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-29 00:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42438",
"lastModified": "2024-08-29T00:01:59.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.317",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:35
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42434",
"lastModified": "2024-09-04T21:35:50.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:16.270",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:32
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39824",
"lastModified": "2024-09-04T21:32:02.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.670",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:36
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42435",
"lastModified": "2024-09-04T21:36:53.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:16.510",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24029 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | workplace | * | |
| zoom | workplace | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "3317B66C-1FBB-4F9C-BC87-8AE4A18D96EE",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D300722C-BFDD-45B5-AA62-4ADE987B1B08",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "DDDA5ACF-B421-451F-997B-3A11CA39EAD8",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F607299C-CA29-49AE-98E6-E26DF095D649",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E6290901-6547-4AAF-89D2-D95A8AF8FA4F",
"versionEndExcluding": "6.0.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39822",
"lastModified": "2024-09-04T21:28:37.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.207",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24029"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:39
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42437",
"lastModified": "2024-09-04T21:39:02.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.047",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-11 13:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24022 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | workplace | * | |
| zoom | workplace | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "7873F707-9530-44FE-B131-89B0C7DA5E46",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9CC375E1-4E35-4F9F-86CB-C428D610B10A",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "66948E12-ED01-44A2-B0B0-A2C8C643ACFB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "E912DE5E-BF3D-4E73-B302-BB106AFA733D",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E3E50584-63DB-4C50-949B-D79212E331DB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C12B253E-09FA-443A-8B05-95C7F988D733",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "F330E04D-D575-4AD1-BB0E-BA6C3F647BCC",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0CD4E04-F0AA-4BBA-90F7-4C350834177F",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9865654B-CA09-4D71-AA0B-9546860AA9FC",
"versionEndExcluding": "5.17.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access."
},
{
"lang": "es",
"value": " El fallo del mecanismo de protecci\u00f3n para algunas aplicaciones y SDK de Zoom Workplace puede permitir que un usuario autenticado realice la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39818",
"lastModified": "2024-09-11T13:27:30.923",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:14.957",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24022"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:34
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24022 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | workplace | * | |
| zoom | workplace | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "7873F707-9530-44FE-B131-89B0C7DA5E46",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9CC375E1-4E35-4F9F-86CB-C428D610B10A",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "66948E12-ED01-44A2-B0B0-A2C8C643ACFB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "E912DE5E-BF3D-4E73-B302-BB106AFA733D",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E3E50584-63DB-4C50-949B-D79212E331DB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C12B253E-09FA-443A-8B05-95C7F988D733",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "F330E04D-D575-4AD1-BB0E-BA6C3F647BCC",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0CD4E04-F0AA-4BBA-90F7-4C350834177F",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9865654B-CA09-4D71-AA0B-9546860AA9FC",
"versionEndExcluding": "5.17.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones de Zoom Workplace y Rooms Clients puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39825",
"lastModified": "2024-09-04T21:34:15.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.890",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24022"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:30
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39823",
"lastModified": "2024-09-04T21:30:22.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.437",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:38
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42436",
"lastModified": "2024-09-04T21:38:05.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:16.790",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2024-42434
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-15 13:36
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:36:35.542410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T13:36:48.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:38.167Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42434",
"datePublished": "2024-08-14T16:39:38.167Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-15T13:36:48.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39824
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-14 18:07
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:07:03.024733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:07:26.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:26.880Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39824",
"datePublished": "2024-08-14T16:39:26.880Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-14T18:07:26.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42435
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-15 13:58
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:57:52.940338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T13:58:02.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:46.183Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42435",
"datePublished": "2024-08-14T16:39:46.183Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-15T13:58:02.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39825
Vulnerability from cvelistv5
Published
2024-08-14 16:34
Modified
2024-08-16 13:28
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps and Rooms Clients |
Version: see references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*",
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_app",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vdi_windows_meeting_client",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*",
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_app",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vdi_windows_meeting_client",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T04:01:49.345375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:28:41.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps and Rooms Clients",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:34:53.595Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24022"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps and Rooms Clients - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39825",
"datePublished": "2024-08-14T16:34:53.595Z",
"dateReserved": "2024-06-28T19:43:03.520Z",
"dateUpdated": "2024-08-16T13:28:41.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42438
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-16 20:05
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T20:04:49.519001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T20:05:07.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:41:18.732Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42438",
"datePublished": "2024-08-14T16:41:18.732Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-16T20:05:07.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39823
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-14 17:24
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:24:09.496617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T17:24:16.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:13.132Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39823",
"datePublished": "2024-08-14T16:39:13.132Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-14T17:24:16.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39818
Vulnerability from cvelistv5
Published
2024-08-14 16:36
Modified
2024-08-16 13:26
Severity ?
EPSS score ?
Summary
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps and SDKs |
Version: see references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_app",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vdi_windows_meeting_client",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:34:38.585943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:26:38.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps and SDKs",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access."
}
],
"value": "Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:36:37.347Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24022"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps and SDKs - Protection Mechanism Failure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39818",
"datePublished": "2024-08-14T16:36:37.347Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-16T13:26:38.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42437
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 17:44
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:34:09.873943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T17:44:29.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:41:12.866Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42437",
"datePublished": "2024-08-14T16:41:12.866Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-14T17:44:29.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39822
Vulnerability from cvelistv5
Published
2024-08-14 16:38
Modified
2024-08-16 19:18
Severity ?
EPSS score ?
Summary
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T19:18:36.184406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T19:18:44.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:38:03.416Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24029"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39822",
"datePublished": "2024-08-14T16:38:03.416Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-16T19:18:44.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42436
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 18:25
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:25:38.974048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:25:52.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:41:03.844Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42436",
"datePublished": "2024-08-14T16:41:03.844Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-14T18:25:52.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}