CVE-2024-24691
Published Feb 14, 2024
Last updated a month ago
Overview
- Description
- Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
- Source
- security@zoom.us
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- security@zoom.us
- CWE-176
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "B72243E4-AFF7-4A69-934A-1170A6EDAE0F",
"versionEndExcluding": "5.16.5"
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "9D60A59A-2E09-48C6-82F6-995B7ADB330A",
"versionEndExcluding": "5.17.0"
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "DEC61EA8-8A9D-4E36-9B46-2B45ED1C5DB8",
"versionEndExcluding": "5.14.14"
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "390DFFB5-7BEA-41F2-B2E1-F0FED3766C1E",
"versionEndExcluding": "5.15.12",
"versionStartExcluding": "5.14.14"
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "8B90CC0C-8000-44E1-8AA1-5E67081ECD2E",
"versionEndExcluding": "5.16.10",
"versionStartExcluding": "5.15.12"
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7",
"versionEndExcluding": "5.16.5"
}
],
"operator": "OR"
}
]
}
]