CVE-2024-24698

Published Feb 14, 2024

Last updated 5 months ago

CVSS medium 4.4

Overview

Description: Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
Source: security@zoom.us
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.4
Impact score: 3.6
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
security@zoom.us: CWE-449

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED921F3E-F076-4037-BAE9-53BDC04F2A4C",
            "versionEndExcluding": "5.17.0"
          },
          {
            "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D60A59A-2E09-48C6-82F6-995B7ADB330A",
            "versionEndExcluding": "5.17.0"
          },
          {
            "criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C7B8981-66F8-4309-98C6-63B4665229EF",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDCC89D1-EB4D-496D-82C6-B0BBA942286F",
            "versionEndExcluding": "5.16.12",
            "versionStartExcluding": "5.15.15"
          },
          {
            "criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECD4FC8B-5FB2-4667-B92F-26F2A951EE40",
            "versionEndExcluding": "5.17.5",
            "versionStartExcluding": "5.16.12"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA20AF82-C1DF-4C05-91ED-F5DC1A92C0A3",
            "versionEndExcluding": "5.17.0"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5C425F2-9B12-4E3A-88CD-BD7AC0EEB0F6",
            "versionEndExcluding": "5.17.0"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E7DB9AA-DB7D-4F3F-A7EA-A482F328F8AB",
            "versionEndExcluding": "5.17.0"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E5232D6-0338-4FCC-AB49-39EA6B75B91D",
            "versionEndExcluding": "5.17.0"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ED34AF6-F5F5-45A1-8AF1-C85064789454",
            "versionEndExcluding": "5.17.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References