- 305/2024
- High
Zoom has released security updates to fix several vulnerabilities in multiple Zoom products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, or obtain sensitive information and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Zoom Apps Privilege Escalation Vulnerability (CVE-2024-45421):
- CVSS: 8.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Zoom Apps Obtain Information Vulnerability (CVE-2024-45419):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
The affected products:
- Zoom Workplace App for macOS, IOS, Windows, Linux, and Andriod.
- Zoom Rooms Client.
- Zoom Rooms Controller.
- Zoom Video SDK.
- Zoom Meeting SDK.
- Zoom Workplace VDI.
- Zoom Rooms App.
Vulnerabilities
- CVE-2024-45417
- CVE-2024-45418
- CVE-2024-45419
- CVE-2024-45420
- CVE-2024-45421
- CVE-2024-45422
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.