Zoom stomps critical privilege escalation bug plus 6 other flaws
2024-02-15 15:30

Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw.

Tracked as CVE-2024-24691 with a CVSS score of 9.6, the vulnerability may, according to Zoom, enable privilege escalation for unauthenticated users via network access.

It's also deemed to have a potentially high impact on affected products, which include the Windows versions of the Zoom desktop client, VDI client, Rooms client, and Zoom Meeting SDK. Affected versions include Zoom Desktop Client for Windows before version 5.16.5.

CVE-2024-24690: A medium severity flaw affecting various Zoom clients that could potentially lead to denial of service attacks.

Affecting some 32-bit Windows clients, this untrusted search path flaw could enable local privilege escalation for authenticated attackers.

CVE-2024-24698: A medium severity issue affecting Zoom desktop apps, mobile apps, VDI client, Rooms client, and Meeting SDKs. It's classed as an improper authentication vulnerability that could lead to disclosure of information.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/15/zoom_privilege_escalation/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK
2024-02-14 | CVE-2024-24698 | Unspecified vulnerability in Zoom products | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. | local | low complexity | zoom | | 4.4
2024-02-14 | CVE-2024-24691 | Unspecified vulnerability in Zoom products | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. | network | low complexity | zoom | | critical, 9.8
2024-02-14 | CVE-2024-24690 | Improper Validation of Specified Quantity in Input vulnerability in Zoom products | Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. | network | low complexity | zoom | CWE-1284 | 6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 54 4 51 80 12 147