Zoom addressed two high-severity issues in its platform


This post was originally published on Security Affairs. It can be found here.

Zoom addressed six flaws, including two high-severity issues that could allow remote attackers to escalate privileges or leak sensitive information.

Zoom addressed six vulnerabilities in its video conferencing and communication platform. Two of these vulnerabilities, tracked as CVE-2024-45421 and CVE-2024-45419, are high-severity issues that remote attackers could exploit to escalate privileges or leak sensitive information.

The vulnerability CVE-2024-45421 (CVSS score of 8.5) is a buffer overflow issue that an authenticated attacker could exploit.

“Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access,” reads the advisory.

The vulnerability CVE-2024-45419 (CVSS score of 8.5) is an improper input validation issue that can be exploited remotely without authentication.

“Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access,” continues the advisory.

Zoom Offensive Security reported both vulnerabilities. They impact the Zoom Workplace App, Rooms Client, Rooms Controller, Video SDK, and Meeting SDK prior to version 6.2.0 across desktop and mobile platforms, and the Workplace VDI Client for Windows before version 6.1.12 (except 6.0.14).

The company also addressed four medium-severity issues, tracked as CVE-2024-45422, CVE-2024-45420, CVE-2024-45418, and CVE-2024-45417.

The vulnerability CVE-2024-45422 is an improper input validation issue in some Zoom Apps before version 6.2.0. An unauthenticated user can exploit the flaw to trigger a denial of service condition via network access.

The vulnerability CVE-2024-45420 is an uncontrolled resource consumption issue in some Zoom Apps before version 6.2.0. An authenticated user can exploit the flaw to trigger a denial of service condition via network access.

The vulnerability CVE-2024-45418 is a symlink-following issue in the installer of Zoom Apps for macOS.

“Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access,” reads the advisory.

The vulnerability CVE-2024-45417 is an uncontrolled resource consumption issue in the installer of Zoom Apps for macOS.

“Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access,” reads the advisory.
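The fixed-version thresholds above (6.2.0 for the apps and SDKs, 6.1.12 for the Windows VDI client with 6.0.14 excepted, 6.1.5 for the macOS installer issues) are what a defender needs to triage an endpoint inventory. The following is an added example, not Zoom's code or tooling: the product names used as inventory keys and the sample inventory are constructed for illustration, and the thresholds are taken from the article.

```python
# Added example: flag installed Zoom builds that fall below the fixed versions
# named in this article. Product keys are an assumption of this example.
FIXED_VERSIONS = {
    "Workplace App": "6.2.0",
    "Rooms Client": "6.2.0",
    "Rooms Controller": "6.2.0",
    "Video SDK": "6.2.0",
    "Meeting SDK": "6.2.0",
    "Workplace VDI Client (Windows)": "6.1.12",
    "macOS installer": "6.1.5",  # CVE-2024-45418 / CVE-2024-45417
}
# Builds the article lists as not affected despite being below the threshold.
EXCEPTIONS = {"Workplace VDI Client (Windows)": {"6.0.14"}}


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '6.1.12' into (6, 1, 12) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.strip().split("."))


def is_affected(product: str, version: str) -> bool:
    """True if this installed build is below the fixed version for its product."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        raise ValueError(f"no advisory data for product {product!r}")
    if version in EXCEPTIONS.get(product, set()):
        return False
    return parse_version(version) < parse_version(fixed)


def triage_inventory(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return hostnames from (host, product, version) rows that still need the update."""
    return [host for host, product, version in inventory if is_affected(product, version)]


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    ("laptop-01", "Workplace App", "6.1.9"),
    ("laptop-02", "Workplace App", "6.2.0"),
    ("room-a", "Rooms Client", "6.1.12"),  # 6.1.12 only fixes the VDI client
    ("vdi-01", "Workplace VDI Client (Windows)", "6.0.14"),
    ("vdi-02", "Workplace VDI Client (Windows)", "6.1.10"),
    ("mac-01", "macOS installer", "6.1.5"),
]

if __name__ == "__main__":
    for host in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```

Comparing version tuples rather than strings matters here: a string compare would rank "6.10.0" below "6.9.0" and silently misclassify hosts.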


Pierluigi Paganini
