Vulnerabilities related to zoom - workplace_desktop
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-04 20:43
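Severity (4.9 is scored by security@zoom.us; 6.5 by nvd@nist.gov — the two differ on Privileges Required, PR:H vs PR:L)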
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
Source | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24038/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "BAB2DBC4-95E2-47D1-A343-12A09D3E9D38", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", matchCriteriaId: "23B5BD12-AA42-47A8-9BC7-5F59B48160C9", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: 
true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "22369469-1A7D-4130-B5AE-E76F31405B94", versionEndExcluding: "6.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: "La asignación de propiedad incorrecta en algunas aplicaciones de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-45426", lastModified: "2025-03-04T20:43:35.193", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.927", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24038/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-708", }, ], source: "security@zoom.us", type: 
"Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-29 00:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Source | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, { lang: "es", value: " El desbordamiento del búfer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegación de servicio a través del acceso a la red.", }, ], id: "CVE-2024-42438", lastModified: "2024-08-29T00:01:59.503", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:17.317", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-29 00:00
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.
References
Source | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24032 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zoom | meeting_software_development_kit | * | |
zoom | workplace_desktop | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.", }, { lang: "es", value: " Una ruta de búsqueda no confiable en el instalador de la aplicación de escritorio Zoom Workplace para macOS y el SDK de Zoom Meeting para macOS anterior a 6.1.0 puede permitir que un usuario privilegiado lleve a cabo una escalada de privilegios a través del acceso local.", }, ], id: "CVE-2024-42439", lastModified: "2024-08-29T00:00:11.627", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, 
published: "2024-08-14T17:15:17.530", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24032", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-426", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-426", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:32
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Source | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: " La divulgación de información confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-39824", lastModified: "2024-09-04T21:32:02.783", metrics: { cvssMetricV31: [ { cvssData: 
{ attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:15.670", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:35
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Source | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: " La divulgación de información confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-42434", lastModified: "2024-09-04T21:35:50.963", metrics: { cvssMetricV31: [ { cvssData: 
{ attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:16.270", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-05 13:53
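Severity (5.3 is scored by security@zoom.us; 7.5 by nvd@nist.gov — the two differ on Confidentiality impact, C:L vs C:H)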
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
References
Source | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24036/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "BAB2DBC4-95E2-47D1-A343-12A09D3E9D38", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", matchCriteriaId: "23B5BD12-AA42-47A8-9BC7-5F59B48160C9", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", 
versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "22369469-1A7D-4130-B5AE-E76F31405B94", versionEndExcluding: "6.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.", }, { lang: "es", value: "Un error de lógica empresarial en algunas aplicaciones de Zoom Workplace puede permitir que un usuario no autenticado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-45424", lastModified: "2025-03-05T13:53:53.100", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", 
confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.570", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24036/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-840", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-05 13:53
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24043/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "FDAC7DED-7124-49DC-81FE-3A846C6FAC6B", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8E8DDD36-808D-4864-AA07-0760E4375FCA", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "49957FA5-35FF-40AC-B88E-A235FA00F639", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "B02E0B95-F342-4D19-9C56-0ED458942E09", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "6398CA4B-4E28-4004-A5AA-0FBFAC5D2D13", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", matchCriteriaId: "0F555E18-C547-493A-A3C6-85D42B75C5C0", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "05EFB308-185E-41CD-9E1F-A6EAB1BE3314", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "7AC5BD11-4FF8-4BEA-9151-75E165750703", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "8DF64BAE-8FB5-4FB1-AA60-F34DA38B7882", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "7C050E43-5F66-4F82-8725-6D4F86C2D7FC", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "78CF87EF-1F6A-4059-AA3F-C9EFAB6311E4", 
versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "0E9FA665-AB32-4140-91F9-57E2EA14D837", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "F7D73FAD-D117-46F1-A30F-B373103576BB", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "1615D4AC-42A1-4A37-80E8-DD312EF7D9D3", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "C11934B8-2EFA-4274-ADAD-53447B0BC972", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "70AEFFD5-918F-4046-9856-C665C2DEF4C4", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F18288EB-7820-4C47-A589-BF3DA06A75C0", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "39EF83F4-626A-43F1-9312-147F65B1EC5E", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "21D7D4E9-14DF-48CF-A9F9-A61408B59789", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "655AC669-B03B-4BDD-B578-F6F02FAD857E", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "8A311271-1418-4E8C-90B5-960E37592BAE", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: 
"F401A8C2-F0DF-4EC9-B0C2-11D9EB1BED15", versionEndExcluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "A8EE3AB9-DE5E-4141-9974-C735AEEF1DF0", versionEndExcluding: "6.1.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.", }, { lang: "es", value: "El desbordamiento del búfer en algunas aplicaciones de Zoom puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.", }, ], id: "CVE-2024-45421", lastModified: "2025-03-05T13:53:35.033", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.400", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24043/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: 
"security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-28 23:59
Severity ?
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (source: security@zoom.us, Secondary)
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (source: nvd@nist.gov, Primary)
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24034 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zoom | meeting_software_development_kit | * | |
zoom | rooms | * | |
zoom | workplace_desktop | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "93A03433-CCF8-4E19-89B4-18368847FB8F", versionEndExcluding: "6.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "66BFFFB3-351E-43CE-B005-D24AB48B9584", versionEndExcluding: "6.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF", versionEndExcluding: "6.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.", }, { lang: "es", value: " La gestión inadecuada de privilegios en el instalador de la aplicación de escritorio Zoom Workplace para macOS, Zoom Meeting SDK para macOS y Zoom Rooms Client para macOS anteriores a 6.1.5 puede permitir que un usuario privilegiado realice una escalada de privilegios a través del acceso local.", }, ], id: "CVE-2024-42440", lastModified: "2024-08-28T23:59:01.537", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.3, impactScore: 5.9, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: 
"UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:17.757", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24034", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:36
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: " La divulgación de información confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-42435", lastModified: "2024-09-04T21:36:53.027", metrics: { cvssMetricV31: [ { cvssData: 
{ attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:16.510", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24029 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zoom | meeting_software_development_kit | * | |
zoom | meeting_software_development_kit | * | |
zoom | rooms | * | |
zoom | rooms | * | |
zoom | rooms | * | |
zoom | rooms_controller | * | |
zoom | rooms_controller | * | |
zoom | rooms_controller | * | |
zoom | rooms_controller | * | |
zoom | workplace | * | |
zoom | workplace | * | |
zoom | workplace_desktop | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "3317B66C-1FBB-4F9C-BC87-8AE4A18D96EE", versionEndExcluding: "6.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "D300722C-BFDD-45B5-AA62-4ADE987B1B08", versionEndExcluding: "6.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "DDDA5ACF-B421-451F-997B-3A11CA39EAD8", versionEndExcluding: "6.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "F607299C-CA29-49AE-98E6-E26DF095D649", versionEndExcluding: "6.0.12", vulnerable: true, }, { criteria: 
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "E6290901-6547-4AAF-89D2-D95A8AF8FA4F", versionEndExcluding: "6.0.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.", }, { lang: "es", value: " La divulgación de información confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-39822", lastModified: "2024-09-04T21:28:37.727", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:15.207", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24029", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: 
"CWE-200", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:39
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, { lang: "es", value: " El desbordamiento del búfer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegación de servicio a través del acceso a la red.", }, ], id: "CVE-2024-42437", lastModified: "2024-09-04T21:39:02.570", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:17.047", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-11 13:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (source: security@zoom.us, Secondary)
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (source: nvd@nist.gov, Primary)
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24022 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zoom | rooms | * | |
zoom | rooms | * | |
zoom | rooms | * | |
zoom | workplace | * | |
zoom | workplace | * | |
zoom | workplace_desktop | * | |
zoom | workplace_desktop | * | |
zoom | workplace_desktop | * | |
zoom | workplace_virtual_desktop_infrastructure | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "7873F707-9530-44FE-B131-89B0C7DA5E46", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "9CC375E1-4E35-4F9F-86CB-C428D610B10A", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "66948E12-ED01-44A2-B0B0-A2C8C643ACFB", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "E912DE5E-BF3D-4E73-B302-BB106AFA733D", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "E3E50584-63DB-4C50-949B-D79212E331DB", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "C12B253E-09FA-443A-8B05-95C7F988D733", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "F330E04D-D575-4AD1-BB0E-BA6C3F647BCC", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "C0CD4E04-F0AA-4BBA-90F7-4C350834177F", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "9865654B-CA09-4D71-AA0B-9546860AA9FC", versionEndExcluding: "5.17.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.", }, { lang: "es", value: " El fallo del mecanismo de protección para algunas aplicaciones y SDK de Zoom Workplace puede permitir que 
un usuario autenticado realice la divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-39818", lastModified: "2024-09-11T13:27:30.923", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:14.957", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24022", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:34
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24022 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zoom | rooms | * | |
zoom | rooms | * | |
zoom | rooms | * | |
zoom | workplace | * | |
zoom | workplace | * | |
zoom | workplace_desktop | * | |
zoom | workplace_desktop | * | |
zoom | workplace_desktop | * | |
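zoom | workplace_virtual_desktop_infrastructure | * |
Version bounds are not shown in this table: the CPE data below marks every listed product as vulnerable before 6.0.0, except workplace_virtual_desktop_infrastructure, which is vulnerable before 5.17.13.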
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "7873F707-9530-44FE-B131-89B0C7DA5E46", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "9CC375E1-4E35-4F9F-86CB-C428D610B10A", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "66948E12-ED01-44A2-B0B0-A2C8C643ACFB", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "E912DE5E-BF3D-4E73-B302-BB106AFA733D", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "E3E50584-63DB-4C50-949B-D79212E331DB", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "C12B253E-09FA-443A-8B05-95C7F988D733", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "F330E04D-D575-4AD1-BB0E-BA6C3F647BCC", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "C0CD4E04-F0AA-4BBA-90F7-4C350834177F", versionEndExcluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "9865654B-CA09-4D71-AA0B-9546860AA9FC", versionEndExcluding: "5.17.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.", }, { lang: "es", value: " El desbordamiento del búfer en algunas aplicaciones de Zoom Workplace y Rooms Clients puede permitir que un 
usuario autenticado realice una escalada de privilegios a través del acceso a la red.", }, ], id: "CVE-2024-39825", lastModified: "2024-09-04T21:34:15.720", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:15.890", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24022", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-04 17:36
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
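Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. Note: the record below carries CWE-708 (Incorrect Ownership Assignment) from the CNA and an availability impact of NONE in both CVSS vectors, which does not match the "resource consumption" wording; check the vendor advisory before classifying this as a denial-of-service issue.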
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24039/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zoom | meeting_software_development_kit | * | |
zoom | rooms | * | |
zoom | video_software_development_kit | * | |
zoom | workplace_desktop | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "93A03433-CCF8-4E19-89B4-18368847FB8F", versionEndExcluding: "6.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "66BFFFB3-351E-43CE-B005-D24AB48B9584", versionEndExcluding: "6.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "9B503B69-9BC0-4B91-BED9-0F2B5ACC0EC4", versionEndExcluding: "6.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF", versionEndExcluding: "6.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.", }, { lang: "es", value: "El consumo descontrolado de recursos en el instalador de algunas aplicaciones de Zoom para macOS anteriores a la versión 6.1.5 puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso local.", }, ], id: "CVE-2024-45417", lastModified: "2025-03-04T17:36:57.857", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.2, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: 
"HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.007", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24039/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-708", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-04 17:36
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
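8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Per the record below, the 5.4 score is the CNA's (security@zoom.us, type Secondary) and the 8.8 score is NVD's (nvd@nist.gov, type Primary); they differ on user interaction, scope and all three impact metrics, so prioritisation depends on which source is ingested.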
Summary
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24040/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zoom | meeting_software_development_kit | * | |
zoom | rooms | * | |
zoom | video_software_development_kit | * | |
zoom | workplace_desktop | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "93A03433-CCF8-4E19-89B4-18368847FB8F", versionEndExcluding: "6.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "66BFFFB3-351E-43CE-B005-D24AB48B9584", versionEndExcluding: "6.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "9B503B69-9BC0-4B91-BED9-0F2B5ACC0EC4", versionEndExcluding: "6.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF", versionEndExcluding: "6.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.", }, { lang: "es", value: "El enlace simbólico que sigue en el instalador de algunas aplicaciones de Zoom para macOS anteriores a la versión 6.1.5 puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.", }, ], id: "CVE-2024-45418", lastModified: "2025-03-04T17:36:43.377", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", 
integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.223", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24040/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-61", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-05 13:54
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24037/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "BAB2DBC4-95E2-47D1-A343-12A09D3E9D38", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", matchCriteriaId: "23B5BD12-AA42-47A8-9BC7-5F59B48160C9", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "F9BEC072-28D9-4F55-B47D-E7EF1298CA6F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", 
versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "22369469-1A7D-4130-B5AE-E76F31405B94", versionEndExcluding: "6.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: "La gestión incorrecta de usuarios en algunas aplicaciones de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-45425", lastModified: "2025-03-05T13:54:29.030", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", 
confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.753", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24037/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-286", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:30
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: " La divulgación de información confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-39823", lastModified: "2024-09-04T21:30:22.210", metrics: { cvssMetricV31: [ { cvssData: 
{ attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:15.437", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-28 23:58
Severity ?
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24034 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zoom | meeting_software_development_kit | * | |
zoom | rooms | * | |
zoom | workplace_desktop | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "93A03433-CCF8-4E19-89B4-18368847FB8F", versionEndExcluding: "6.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "66BFFFB3-351E-43CE-B005-D24AB48B9584", versionEndExcluding: "6.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF", versionEndExcluding: "6.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.", }, { lang: "es", value: " La gestión inadecuada de privilegios en el instalador de la aplicación de escritorio Zoom Workplace para macOS, Zoom Meeting SDK para macOS y Zoom Rooms Client para macOS anteriores a 6.1.5 puede permitir que un usuario privilegiado realice una escalada de privilegios a través del acceso local.", }, ], id: "CVE-2024-42441", lastModified: "2024-08-28T23:58:06.960", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.3, impactScore: 5.9, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: 
"UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:17.990", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24034", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:38
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
▼ | URL | Tags | |
---|---|---|---|
security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*", matchCriteriaId: "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", matchCriteriaId: "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*", matchCriteriaId: "9A8F4501-FF62-4C1B-9232-875D6B09B509", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", matchCriteriaId: "30C8F150-F275-423E-818C-B15B929FA006", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*", matchCriteriaId: "603C3411-C4F4-4451-BA4B-C463EC11C707", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*", matchCriteriaId: "2C19D307-3FE4-40A2-BEE6-C04B71597D50", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", matchCriteriaId: "29182D36-6FB9-4340-A6B9-F6F81FE57443", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "E725630A-E7C2-4C15-BFFA-50EE34D3EE68", versionEndExcluding: "5.17.14", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "61AC2191-2286-4328-9E4E-2C78E1D37734", versionEndExcluding: "6.0.11", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, { lang: "es", value: " El desbordamiento del búfer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegación de servicio a través del acceso a la red.", }, ], id: "CVE-2024-42436", lastModified: "2024-09-04T21:38:05.587", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-14T17:15:16.790", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2024-45417
Vulnerability from cvelistv5
Published
2025-02-25 19:49
Modified
2025-02-26 16:42
Summary
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zoom Communications, Inc | Zoom Apps for macOS | Version: 0 < 6.1.5 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45417", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T16:41:05.991990Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-26T16:42:11.552Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MacOS", ], product: "Zoom Apps for macOS", vendor: "Zoom Communications, Inc", versions: [ { lessThan: "6.1.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], datePublic: "2024-11-12T13:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.<br><br>", }, ], value: "Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-708", description: "CWE-708: Incorrect Ownership Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-25T19:49:22.296Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: 
"https://www.zoom.com/en/trust/security-bulletin/zsb-24039/", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Apps for macOS - Uncontrolled Resource Consumption", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-45417", datePublished: "2025-02-25T19:49:22.296Z", dateReserved: "2024-08-28T21:50:25.332Z", dateUpdated: "2025-02-26T16:42:11.552Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42434
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-15 13:36
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers | Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42434", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-15T13:36:35.542410Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-15T13:36:48.396Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:39:38.167Z", orgId: 
"99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42434", datePublished: "2024-08-14T16:39:38.167Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-15T13:36:48.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39824
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-14 18:07
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers | Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39824", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:07:03.024733Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T18:07:26.505Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:39:26.880Z", orgId: 
"99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-39824", datePublished: "2024-08-14T16:39:26.880Z", dateReserved: "2024-06-28T19:43:03.519Z", dateUpdated: "2024-08-14T18:07:26.505Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42435
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-15 13:58
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers | Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42435", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-15T13:57:52.940338Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-15T13:58:02.205Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:39:46.183Z", orgId: 
"99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42435", datePublished: "2024-08-14T16:39:46.183Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-15T13:58:02.205Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42440
Vulnerability from cvelistv5
Published
2024-08-14 16:44
Modified
2024-08-14 18:06
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS | Version: before version 6.1.5 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:zoom:macos_meeting_sdk:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "macos_meeting_sdk", vendor: "zoom", versions: [ { lessThan: "6.1.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", ], defaultStatus: "unaffected", product: "workplace_desktop", vendor: "zoom", versions: [ { lessThan: "6.1.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", ], defaultStatus: "unaffected", product: "rooms", vendor: "zoom", versions: [ { lessThan: "6.1.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-42440", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T17:58:35.327020Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T18:06:25.844Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MacOS", ], product: "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "before version 6.1.5", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.", }, ], value: "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms 
Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:46:10.026Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24034", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42440", datePublished: "2024-08-14T16:44:46.080Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-14T18:06:25.844Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45426
Vulnerability from cvelistv5
Published
2025-02-25 19:39
Modified
2025-02-26 16:49
Summary
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps | Version: See references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45426", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T16:49:09.744526Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-26T16:49:25.061Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps", vendor: "Zoom Communications, Inc", versions: [ { status: "affected", version: "See references", }, ], }, ], datePublic: "2024-10-08T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.<br>", }, ], value: "Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-708", description: "CWE-708: Incorrect Ownership Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-25T19:39:48.596Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24038/", }, ], source: { discovery: "UNKNOWN", }, 
title: "Zoom Workplace Apps - Incorrect Ownership Assignment", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-45426", datePublished: "2025-02-25T19:39:48.596Z", dateReserved: "2024-08-28T21:50:25.333Z", dateUpdated: "2025-02-26T16:49:25.061Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42439
Vulnerability from cvelistv5
Published
2024-08-14 16:42
Modified
2024-08-16 13:18
Summary
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS | Version: before version 6.1.0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", ], defaultStatus: "unknown", product: "workplace_desktop", vendor: "zoom", versions: [ { lessThan: "6.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-42439", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T17:06:48.542376Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T13:18:48.409Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MacOS", ], product: "Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "before version 6.1.0", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.", }, ], value: "Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], 
problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426 Untrusted Search Path", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:42:48.215Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24032", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS - Untrusted Search Path", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42439", datePublished: "2024-08-14T16:42:48.215Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-16T13:18:48.409Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39825
Vulnerability from cvelistv5
Published
2024-08-14 16:34
Modified
2024-08-16 13:28
Summary
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps and Rooms Clients | Version: see references |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*", "cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*", "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", ], defaultStatus: "unknown", product: "rooms", vendor: "zoom", versions: [ { lessThan: "6.0.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "workplace_app", vendor: "zoom", versions: [ { lessThan: "6.0.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vdi_windows_meeting_client", vendor: "zoom", versions: [ { lessThan: "5.17.13", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", ], defaultStatus: "unknown", product: "workplace_desktop", vendor: "zoom", versions: [ { lessThan: "6.0.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*", "cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*", "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", ], defaultStatus: "unknown", product: "rooms", vendor: "zoom", versions: [ { lessThan: "6.0.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "workplace_app", vendor: "zoom", versions: [ { lessThan: "6.0.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vdi_windows_meeting_client", vendor: "zoom", versions: [ { lessThan: "5.17.13", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ 
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", ], defaultStatus: "unknown", product: "workplace_desktop", vendor: "zoom", versions: [ { lessThan: "6.0.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-39825", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-16T04:01:49.345375Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T13:28:41.388Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps and Rooms Clients", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.", }, ], value: "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", 
description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:34:53.595Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24022", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps and Rooms Clients - Buffer Overflow", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-39825", datePublished: "2024-08-14T16:34:53.595Z", dateReserved: "2024-06-28T19:43:03.520Z", dateUpdated: "2024-08-16T13:28:41.388Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42441
Vulnerability from cvelistv5
Published
2024-08-14 16:46
Modified
2024-08-16 13:17
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS | Version: before version 6.1.5 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", ], defaultStatus: "unknown", product: "workplace_desktop", vendor: "zoom", versions: [ { lessThan: "6.1.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:macos_meeting_sdk:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos_meeting_sdk", vendor: "zoom", versions: [ { lessThan: "6.1.5", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*", ], defaultStatus: "unknown", product: "rooms", vendor: "zoom", versions: [ { lessThan: "6.1.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-42441", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-15T13:31:24.474262Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T13:17:55.333Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MacOS", ], product: "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "before version 6.1.5", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.", }, ], value: "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client 
for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:46:17.936Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24034", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42441", datePublished: "2024-08-14T16:46:17.936Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-16T13:17:55.333Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42438
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-16 20:05
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers | Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42438", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-16T20:04:49.519001Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T20:05:07.811Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:41:18.732Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: 
"https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42438", datePublished: "2024-08-14T16:41:18.732Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-16T20:05:07.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39823
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-14 17:24
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS score ?
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers | Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39823", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T17:24:09.496617Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T17:24:16.206Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], value: "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:39:13.132Z", orgId: 
"99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24030", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-39823", datePublished: "2024-08-14T16:39:13.132Z", dateReserved: "2024-06-28T19:43:03.519Z", dateUpdated: "2024-08-14T17:24:16.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39818
Vulnerability from cvelistv5
Published
2024-08-14 16:36
Modified
2024-08-16 13:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS score ?
Summary
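Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. Note: the CNA's CVSS vector in the record below sets privilegesRequired to NONE (PR:N), which does not match "authenticated user" in this description; confirm against the vendor bulletin (zsb-24022) before relying on either for triage.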
References
Impacted products
Vendor | Product | Version |
---|---|---|
Zoom Communications Inc. | Zoom Workplace Apps and SDKs | Version: see references |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", ], defaultStatus: "unknown", product: "workplace_desktop", vendor: "zoom", versions: [ { lessThan: "6.0.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "workplace_app", vendor: "zoom", versions: [ { lessThan: "6.0.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "vdi_windows_meeting_client", vendor: "zoom", versions: [ { lessThan: "5.17.13", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*", "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", ], defaultStatus: "unknown", product: "rooms", vendor: "zoom", versions: [ { lessThan: "6.0.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-39818", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T17:34:38.585943Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T13:26:38.801Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps and SDKs", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, 
type: "text/html", value: "Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.", }, ], value: "Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-522", description: "CWE-522 Insufficiently Protected Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:36:37.347Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24022", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps and SDKs - Protection Mechanism Failure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-39818", datePublished: "2024-08-14T16:36:37.347Z", dateReserved: "2024-06-28T19:43:03.519Z", dateUpdated: "2024-08-16T13:26:38.801Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45418
Vulnerability from cvelistv5
Published
2025-02-25 19:52
Modified
2025-02-25 20:07
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS score ?
Summary
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Zoom Communications, Inc | Zoom Apps for macOS | Version: 0 < 6.1.5 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45418", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-25T20:07:02.751886Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-25T20:07:09.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MacOS", ], product: "Zoom Apps for macOS", vendor: "Zoom Communications, Inc", versions: [ { lessThan: "6.1.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], datePublic: "2024-11-12T13:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.<br><br>", }, ], value: "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-61", description: "CWE-61: UNIX Symbolic Link (Symlink) Following", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-25T19:52:25.471Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: 
"https://www.zoom.com/en/trust/security-bulletin/zsb-24040/", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Apps for macOS - Symbolic Link Following", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-45418", datePublished: "2025-02-25T19:52:25.471Z", dateReserved: "2024-08-28T21:50:25.332Z", dateUpdated: "2025-02-25T20:07:09.959Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42437
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 17:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers | Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42437", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T17:34:09.873943Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T17:44:29.139Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:41:12.866Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: 
"https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42437", datePublished: "2024-08-14T16:41:12.866Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-14T17:44:29.139Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39822
Vulnerability from cvelistv5
Published
2024-08-14 16:38
Modified
2024-08-16 19:18
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS score ?
Summary
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers | Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39822", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-16T19:18:36.184406Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T19:18:44.815Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.", }, ], value: "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:38:03.416Z", orgId: 
"99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24029", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-39822", datePublished: "2024-08-14T16:38:03.416Z", dateReserved: "2024-06-28T19:43:03.519Z", dateUpdated: "2024-08-16T19:18:44.815Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42436
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 18:25
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers | Version: see references |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42436", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:25:38.974048Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T18:25:52.686Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", "MacOS", "Linux", "iOS", "Android", ], product: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers", vendor: "Zoom Communications Inc.", versions: [ { status: "affected", version: "see references", }, ], }, ], datePublic: "2024-08-13T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], value: "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:41:03.844Z", orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", shortName: "Zoom", }, references: [ { url: 
"https://www.zoom.com/en/trust/security-bulletin/zsb-24031", }, ], source: { discovery: "UNKNOWN", }, title: "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351", assignerShortName: "Zoom", cveId: "CVE-2024-42436", datePublished: "2024-08-14T16:41:03.844Z", dateReserved: "2024-08-01T19:13:16.137Z", dateUpdated: "2024-08-14T18:25:52.686Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }