Security News > 2024 > February > Zoom stomps critical privilege escalation bug plus 6 other flaws
Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw.
Tracked as CVE-2024-24691, the vulnerability may enable an unauthenticated attacker with network access to escalate privileges. Zoom's own bulletin rates it 9.6 on the CVSS scale (other scorers, as in the table below, give 9.8).
Zoom also rates its impact on affected products as high. Affected are the Windows versions of the Zoom Desktop Client, VDI Client, Rooms Client and Meeting SDK; for the Zoom Desktop Client for Windows, versions before 5.16.5 are affected.
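The practical follow-up to an advisory like this is a fleet check: which installed clients are still older than the fixed release? The script below is an added example, not Zoom's or The Register's code. The only fact it takes from the page is the fixed Zoom Desktop Client for Windows version, 5.16.5; the host inventory is constructed, and the "5.16.5 (26404)" form with a build number in parentheses is an assumption about how the client reports its version. It compares versions numerically, which matters because a naive string comparison would call "5.9.1" newer than "5.16.5".

```python
"""Check Zoom Desktop Client for Windows versions against the CVE-2024-24691 fix.

Added example; not Zoom's code. The fixed version 5.16.5 comes from the advisory
text; the inventory below is constructed sample data.
"""
import re
from typing import List, Tuple

FIXED_VERSION = "5.16.5"  # advisory: Desktop Client for Windows before 5.16.5 is affected


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.16.5', '5.16.5 (26404)' (assumed display form) or '5.9.1' into a
    tuple of ints. Tuples compare component by component, so (5, 16, 5) > (5, 9, 1),
    whereas the strings compare the wrong way round ('5.16.5' < '5.9.1')."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the client is older than the fixed release."""
    v, f = parse_version(version), parse_version(fixed)
    width = max(len(v), len(f))
    v += (0,) * (width - len(v))  # pad so '5.16' compares as '5.16.0'
    f += (0,) * (width - len(f))
    return v < f


def find_vulnerable_hosts(inventory: List[Tuple[str, str]]) -> List[str]:
    """inventory: (hostname, reported Zoom Desktop Client for Windows version)."""
    return [host for host, ver in inventory if is_vulnerable(ver)]


# Constructed sample inventory (hostnames and versions are not real data).
SAMPLE_INVENTORY = [
    ("ws-001", "5.16.5 (26404)"),
    ("ws-002", "5.9.1"),
    ("ws-003", "5.16.10"),
    ("ws-004", "5.16.4"),
    ("ws-005", "5.17.0"),
]

if __name__ == "__main__":
    for host in find_vulnerable_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update Zoom Desktop Client to {FIXED_VERSION} or later")
```

On the sample data the script reports ws-002 and ws-004; a string comparison of the same inventory would wrongly pass ws-002 and wrongly flag ws-003.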
CVE-2024-24690: A medium-severity improper input validation flaw in various Zoom clients that an authenticated user could exploit over the network to cause a denial of service.
Another of the seven flaws affects some 32-bit Windows clients: an untrusted search path issue that could allow an authenticated local attacker to escalate privileges.
CVE-2024-24698: A medium-severity improper authentication issue in Zoom desktop apps, mobile apps, the VDI Client, the Rooms Client and the Meeting SDKs that could allow a privileged user with local access to disclose information.
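An "untrusted search path" flaw is exploitable because the Windows loader looks for a DLL in a fixed sequence of directories, and a DLL that is resolved from, or preempted by, a directory a low-privileged user can write to gets replaced with the attacker's copy; it becomes a privilege escalation when the loading process runs with higher rights than the planter. The model below is an added illustration of that general mechanism, not Zoom's code, and the page does not say which DLL or directory the Zoom flaw involves: the application path, working directory, PATH entry, writable-directory set and DLL names are all constructed. The search order it encodes is the default SafeDllSearchMode order for a 32-bit process on 64-bit Windows (application directory, 32-bit system directory, 16-bit system directory, Windows directory, current directory, then PATH).

```python
"""Model of the Windows DLL search order to show where a rogue DLL can be planted.

Added example, not Zoom's code. Directory and DLL names are constructed; only the
search order itself reflects how the Windows loader behaves.
"""
from typing import Dict, List, Optional, Set, Tuple

# Default (SafeDllSearchMode) order for a 32-bit process on 64-bit Windows.
# For 32-bit code the system directory is redirected to SysWOW64.
SEARCH_ORDER: List[str] = [
    r"C:\Program Files (x86)\ExampleApp",  # 1. application directory (assumed path)
    r"C:\Windows\SysWOW64",               # 2. 32-bit system directory
    r"C:\Windows\System",                 # 3. 16-bit system directory
    r"C:\Windows",                        # 4. Windows directory
    r"C:\Users\alice\Downloads",          # 5. current working directory (assumed)
    r"C:\Tools",                          # 6. first PATH entry (assumed)
]


def resolve(dll: str, fs: Dict[str, Set[str]]) -> Optional[str]:
    """Directory the loader would take `dll` from, or None if no copy exists."""
    wanted = dll.lower()
    for directory in SEARCH_ORDER:
        if wanted in {name.lower() for name in fs.get(directory, set())}:
            return directory
    return None


def plant_location(dll: str, fs: Dict[str, Set[str]], writable: Set[str]) -> Optional[str]:
    """First directory searched before the genuine copy that a low-privileged
    user can write to. A DLL dropped there is the one that gets loaded.
    Returns None when the genuine copy wins or nothing on the path is writable."""
    genuine = resolve(dll, fs)
    for directory in SEARCH_ORDER:
        if directory == genuine:
            return None  # real copy is reached before any writable directory
        if directory in writable:
            return directory
    return None


def audit(dlls: List[str], fs: Dict[str, Set[str]], writable: Set[str]) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """(dll, where it resolves, where an attacker could plant it) for each import."""
    return [(d, resolve(d, fs), plant_location(d, fs, writable)) for d in dlls]


# Constructed filesystem: which DLLs exist in which search directory.
SAMPLE_FS: Dict[str, Set[str]] = {
    r"C:\Program Files (x86)\ExampleApp": {"ExampleApp.exe", "appcore.dll"},
    r"C:\Windows\SysWOW64": {"kernel32.dll", "version.dll", "dbghelp.dll"},
}
# Machine-wide install: only the user's own directories are writable.
SAMPLE_WRITABLE: Set[str] = {r"C:\Users\alice\Downloads", r"C:\Tools"}
# Per-user install (assumed scenario): the application directory is writable too.
PER_USER_WRITABLE: Set[str] = SAMPLE_WRITABLE | {r"C:\Program Files (x86)\ExampleApp"}
# Constructed import list; plugin_helper.dll is an optional DLL that is absent.
IMPORTS = ["appcore.dll", "version.dll", "plugin_helper.dll"]

if __name__ == "__main__":
    for label, writable in (("machine-wide", SAMPLE_WRITABLE), ("per-user", PER_USER_WRITABLE)):
        print(f"== {label} install ==")
        for dll, found, plant in audit(IMPORTS, SAMPLE_FS, writable):
            status = f"hijackable from {plant}" if plant else "safe"
            print(f"{dll:20s} resolves to {found or '<missing>':40s} {status}")
```

Two things fall out of the model. A DLL that the application imports but that is missing from every directory (plugin_helper.dll here) is loaded from the first writable directory on the path, the current working directory in this case, which is why a "phantom" DLL import is the classic search path bug. And when the application directory itself is user-writable, even DLLs that genuinely live in the system directory are preempted, because the application directory is searched first. Either case only raises privileges when the loading process (an installer or service, say) runs with more rights than the user who planted the file.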
News URL
https://go.theregister.com/feed/www.theregister.com/2024/02/15/zoom_privilege_escalation/
Related Vulnerability
DATE | CVE | TITLE | DESCRIPTION | CVSS SCORE |
---|---|---|---|---|
2024-02-14 | CVE-2024-24698 | Unspecified vulnerability in Zoom products | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. | 4.4 |
2024-02-14 | CVE-2024-24691 | Unspecified vulnerability in Zoom products | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. | 9.8 |
2024-02-14 | CVE-2024-24690 | Improper Validation of Specified Quantity in Input vulnerability in Zoom products | Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. | 6.5 |