Zoom stomps critical privilege escalation bug plus 6 other flaws
2024-02-15 15:30

Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw.

The vulnerability is tracked as CVE-2024-24691 and carries a CVSS score of 9.6. Zoom says it may enable privilege escalation for unauthenticated users via network access.

It's also deemed to have a potentially high impact on affected products, which include the Windows versions of the Zoom desktop client, VDI client, Rooms client, and Zoom Meeting SDK. Affected versions include Zoom Desktop Client for Windows before version 5.16.5.

CVE-2024-24690: A medium severity flaw affecting various Zoom clients that could potentially lead to denial of service attacks.

Affecting some 32-bit Windows clients, this untrusted search path flaw could enable local privilege escalation for authenticated attackers.

CVE-2024-24698: A medium severity issue affecting Zoom desktop apps, mobile apps, VDI client, Rooms client, and Meeting SDKs. It's classed as an improper authentication vulnerability that could lead to disclosure of information.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/15/zoom_privilege_escalation/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 52 4 50 57 9 120