Vulnerabilites related to zoom - rooms_controller
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-04 20:43
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24038/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "BAB2DBC4-95E2-47D1-A343-12A09D3E9D38", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", matchCriteriaId: "23B5BD12-AA42-47A8-9BC7-5F59B48160C9", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "22369469-1A7D-4130-B5AE-E76F31405B94", versionEndExcluding: "6.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: "La asignación de propiedad incorrecta en algunas aplicaciones de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-45426", lastModified: "2025-03-04T20:43:35.193", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.927", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24038/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-708", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-29 00:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, { lang: "es", value: " El desbordamiento del búfer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegación de servicio a través del acceso a la red.", }, ], id: "CVE-2024-42438", lastModified: "2024-08-29T00:01:59.503", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:17.317", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:35
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: " La divulgación de información confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-42434", lastModified: "2024-09-04T21:35:50.963", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:16.270", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:32
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: " La divulgación de información confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-39824", lastModified: "2024-09-04T21:32:02.783", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:15.670", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-05 13:53
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24036/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "BAB2DBC4-95E2-47D1-A343-12A09D3E9D38", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", matchCriteriaId: "23B5BD12-AA42-47A8-9BC7-5F59B48160C9", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "22369469-1A7D-4130-B5AE-E76F31405B94", versionEndExcluding: "6.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.", }, { lang: "es", value: "Un error de lógica empresarial en algunas aplicaciones de Zoom Workplace puede permitir que un usuario no autenticado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-45424", lastModified: "2025-03-05T13:53:53.100", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.570", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24036/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-840", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-05 13:53
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24043/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "FDAC7DED-7124-49DC-81FE-3A846C6FAC6B", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8E8DDD36-808D-4864-AA07-0760E4375FCA", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "49957FA5-35FF-40AC-B88E-A235FA00F639", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "B02E0B95-F342-4D19-9C56-0ED458942E09", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "6398CA4B-4E28-4004-A5AA-0FBFAC5D2D13", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", matchCriteriaId: "0F555E18-C547-493A-A3C6-85D42B75C5C0", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "05EFB308-185E-41CD-9E1F-A6EAB1BE3314", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "7AC5BD11-4FF8-4BEA-9151-75E165750703", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "8DF64BAE-8FB5-4FB1-AA60-F34DA38B7882", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "7C050E43-5F66-4F82-8725-6D4F86C2D7FC", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "78CF87EF-1F6A-4059-AA3F-C9EFAB6311E4", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "0E9FA665-AB32-4140-91F9-57E2EA14D837", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "F7D73FAD-D117-46F1-A30F-B373103576BB", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "1615D4AC-42A1-4A37-80E8-DD312EF7D9D3", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "C11934B8-2EFA-4274-ADAD-53447B0BC972", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "70AEFFD5-918F-4046-9856-C665C2DEF4C4", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F18288EB-7820-4C47-A589-BF3DA06A75C0", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "39EF83F4-626A-43F1-9312-147F65B1EC5E", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "21D7D4E9-14DF-48CF-A9F9-A61408B59789", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "655AC669-B03B-4BDD-B578-F6F02FAD857E", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "8A311271-1418-4E8C-90B5-960E37592BAE", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "F401A8C2-F0DF-4EC9-B0C2-11D9EB1BED15", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "A8EE3AB9-DE5E-4141-9974-C735AEEF1DF0", versionEndExcluding: "6.1.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.", }, { lang: "es", value: "El desbordamiento del búfer en algunas aplicaciones de Zoom puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.", }, ], id: "CVE-2024-45421", lastModified: "2025-03-05T13:53:35.033", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.400", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24043/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:36
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: " La divulgación de información confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-42435", lastModified: "2024-09-04T21:36:53.027", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:16.510", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24029 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | workplace | * | |
| zoom | workplace | * | |
| zoom | workplace_desktop | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "3317B66C-1FBB-4F9C-BC87-8AE4A18D96EE", versionEndExcluding: "6.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "D300722C-BFDD-45B5-AA62-4ADE987B1B08", versionEndExcluding: "6.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "DDDA5ACF-B421-451F-997B-3A11CA39EAD8", versionEndExcluding: "6.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "F607299C-CA29-49AE-98E6-E26DF095D649", versionEndExcluding: "6.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "E6290901-6547-4AAF-89D2-D95A8AF8FA4F", versionEndExcluding: "6.0.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.", }, { lang: "es", value: " La divulgación de información confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-39822", lastModified: "2024-09-04T21:28:37.727", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:15.207", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24029", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:39
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, { lang: "es", value: " El desbordamiento del búfer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegación de servicio a través del acceso a la red.", }, ], id: "CVE-2024-42437", lastModified: "2024-09-04T21:39:02.570", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:17.047", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-05 13:54
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24037/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "BAB2DBC4-95E2-47D1-A343-12A09D3E9D38", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", matchCriteriaId: "23B5BD12-AA42-47A8-9BC7-5F59B48160C9", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "F9BEC072-28D9-4F55-B47D-E7EF1298CA6F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "22369469-1A7D-4130-B5AE-E76F31405B94", versionEndExcluding: "6.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: "La gestión incorrecta de usuarios en algunas aplicaciones de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-45425", lastModified: "2025-03-05T13:54:29.030", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.753", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24037/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-286", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:30
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: " La divulgación de información confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-39823", lastModified: "2024-09-04T21:30:22.210", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:15.437", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:38
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, { lang: "es", value: " El desbordamiento del búfer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegación de servicio a través del acceso a la red.", }, ], id: "CVE-2024-42436", lastModified: "2024-09-04T21:38:05.587", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:16.790", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2024-42434
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-15 13:36
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42434", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-15T13:36:35.542410Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-15T13:36:48.396Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:39:38.167Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42434", datePublished: "2024-08-14T16:39:38.167Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-15T13:36:48.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39824
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-14 18:07
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39824", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:07:03.024733Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T18:07:26.505Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:39:26.880Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-39824", datePublished: "2024-08-14T16:39:26.880Z", dateReserved: "2024-06-28T19:43:03.519Z", dateUpdated: "2024-08-14T18:07:26.505Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42435
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-15 13:58
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42435", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-15T13:57:52.940338Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-15T13:58:02.205Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:39:46.183Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42435", datePublished: "2024-08-14T16:39:46.183Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-15T13:58:02.205Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45426
Vulnerability from cvelistv5
Published
2025-02-25 19:39
Modified
2025-02-26 16:49
Severity ?
EPSS score ?
Summary
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps |
Version: See references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45426", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T16:49:09.744526Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-26T16:49:25.061Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps", vendor: "Zoom Communications, Inc", versions: [ { status: "affected", version: "See references", }, ], }, ], datePublic: "2024-10-08T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.<br>", }, ], value: "Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-708", description: "CWE-708: Incorrect Ownership Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-25T19:39:48.596Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24038/", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps - Incorrect Ownership Assignment", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-45426", datePublished: "2025-02-25T19:39:48.596Z", dateReserved: "2024-08-28T21:50:25.333Z", dateUpdated: "2025-02-26T16:49:25.061Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42438
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-16 20:05
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42438", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-16T20:04:49.519001Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T20:05:07.811Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:41:18.732Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42438", datePublished: "2024-08-14T16:41:18.732Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-16T20:05:07.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39823
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-14 17:24
Severity ?
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39823", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T17:24:09.496617Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T17:24:16.206Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:39:13.132Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-39823", datePublished: "2024-08-14T16:39:13.132Z", dateReserved: "2024-06-28T19:43:03.519Z", dateUpdated: "2024-08-14T17:24:16.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42437
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 17:44
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42437", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T17:34:09.873943Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T17:44:29.139Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:41:12.866Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42437", datePublished: "2024-08-14T16:41:12.866Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-14T17:44:29.139Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39822
Vulnerability from cvelistv5
Published
2024-08-14 16:38
Modified
2024-08-16 19:18
Severity ?
EPSS score ?
Summary
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39822", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-16T19:18:36.184406Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T19:18:44.815Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.", }, ], value: "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:38:03.416Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24029", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-39822", datePublished: "2024-08-14T16:38:03.416Z", dateReserved: "2024-06-28T19:43:03.519Z", dateUpdated: "2024-08-16T19:18:44.815Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42436
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 18:25
Severity ?
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42436", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:25:38.974048Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T18:25:52.686Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:41:03.844Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42436", datePublished: "2024-08-14T16:41:03.844Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-14T18:25:52.686Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }