Vulnerabilites related to Zoom Video Communications, Inc. - Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows
cve-2024-24696
Vulnerability from cvelistv5
Published
2024-02-13 23:51
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows |
Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-24696", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-14T16:51:24.559952Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:42:55.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:28:11.800Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows", vendor: "Zoom Video Communications, Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-02-13T13:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.<br><br>", }, ], value: "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.\n\n", }, ], impacts: [ { capecId: "CAPEC-153", descriptions: [ { lang: "en", value: "CAPEC-153 Input Data Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T23:51:34.285Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24003/", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-24696", datePublished: "2024-02-13T23:51:34.285Z", dateReserved: "2024-01-26T22:56:14.681Z", dateUpdated: "2024-08-01T23:28:11.800Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24691
Vulnerability from cvelistv5
Published
2024-02-14 00:01
Modified
2024-09-20 14:48
Severity ?
EPSS score ?
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows |
Version: see references |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:28:11.835Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows", vendor: "Zoom Video Communications, Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-02-13T13:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.<br>", }, ], value: "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-176", description: "CWE-176: Improper Handling of Unicode Encoding", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-20T14:48:21.535Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-24691", datePublished: "2024-02-14T00:01:30.884Z", dateReserved: "2024-01-26T22:56:14.680Z", dateUpdated: "2024-09-20T14:48:21.535Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24695
Vulnerability from cvelistv5
Published
2024-02-13 23:50
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows |
Version: see references |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:28:11.193Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows", vendor: "Zoom Video Communications, Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-02-13T13:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.<br><br>", }, ], value: "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.\n\n", }, ], impacts: [ { capecId: "CAPEC-153", descriptions: [ { lang: "en", value: "CAPEC-153 Input Data Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T23:50:22.837Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24002/", }, ], source: { discovery: "UNKNOWN", }, title: " Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-24695", datePublished: "2024-02-13T23:50:22.837Z", dateReserved: "2024-01-26T22:56:14.681Z", dateUpdated: "2024-08-01T23:28:11.193Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }