fkie_cve-2024-45426
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-04 20:43
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24038/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "6E039542-3E10-4565-9543-71F50F06A933", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*", matchCriteriaId: "BAB2DBC4-95E2-47D1-A343-12A09D3E9D38", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", matchCriteriaId: "F82C8A03-C83C-4404-84C1-D9D4836B9982", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", matchCriteriaId: "23B5BD12-AA42-47A8-9BC7-5F59B48160C9", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", matchCriteriaId: "242D5F39-22FC-4304-8F36-3A0A23BDCC6E", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*", matchCriteriaId: "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*", matchCriteriaId: "B497C5C3-921E-462B-91A3-58DA2F669236", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*", matchCriteriaId: "D40263F3-4A0E-418E-AF91-8AD20A957D9F", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "8FE458E6-5ACB-428D-A339-D826E5EDDAD1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*", matchCriteriaId: "65DD163F-BB0E-4BE3-9545-F379774F3AE4", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", matchCriteriaId: "3A34FEBC-6E74-4F03-BFA7-FD37226097F1", versionEndExcluding: "6.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", matchCriteriaId: "22369469-1A7D-4130-B5AE-E76F31405B94", versionEndExcluding: "6.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.", }, { lang: "es", value: "La asignación de propiedad incorrecta en algunas aplicaciones de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.", }, ], id: "CVE-2024-45426", lastModified: "2025-03-04T20:43:35.193", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "security@zoom.us", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-02-25T20:15:35.927", references: [ { source: "security@zoom.us", tags: [ "Vendor Advisory", ], url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24038/", }, ], sourceIdentifier: "security@zoom.us", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-708", }, ], source: "security@zoom.us", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.