Vulnerabilities > CVE-2019-13450 - Missing Authorization vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ringcentral

zoom

CWE-862

nessus

NVD

Published: 2019-07-09

Updated: 2023-11-07

Summary

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.

Vulnerable Configurations

Part	Description	Count
Application	Ringcentral Ringcentral Ringcentral 7.0.136380.0312	1
Application	Zoom Zoom Zoom 0.9.10894.0925 Zoom Zoom 0.9.11127.0928 Zoom Zoom 0.92.12362.1030 Zoom Zoom 0.92.12606.1105 Zoom Zoom 1.0.17722.0126 Zoom Zoom 1.0.18176.0205 Zoom Zoom 1.0.18490.0222 Zoom Zoom 1.0.18584.0225 Zoom Zoom 1.0.18953.0305 Zoom Zoom 1.0.19784.0322 Zoom Zoom 2.0.24230.0531 Zoom Zoom 2.0.24278.0602 Zoom Zoom 2.0.24636.0609 Zoom Zoom 2.0.26498.0729 Zoom Zoom 2.0.26542.0730 Zoom Zoom 2.0.27327.0826 Zoom Zoom 2.0.28860.0927 Zoom Zoom 2.0.31403.1104 Zoom Zoom 2.5.34797.1213 Zoom Zoom 2.5.35132.1230 Zoom Zoom 2.5.35230.0103 Zoom Zoom 2.5.40060.0120 Zoom Zoom 2.5.40199.0303 Zoom Zoom 2.5.40309.0317 Zoom Zoom 2.5.40419.0328 Zoom Zoom 2.5.40542.0410 Zoom Zoom 2.5.40961.0701 Zoom Zoom 3.0.45579.0809 Zoom Zoom 3.0.45740.0815 Zoom Zoom 3.0.46236.0829 Zoom Zoom 3.0.46609.0915 Zoom Zoom 3.0.46828.0919 Zoom Zoom 3.0.47212.0929 Zoom Zoom 3.0.47252.0930 Zoom Zoom 3.0.48197.1024 Zoom Zoom 3.0.48498.1031 Zoom Zoom 3.0.48882.1117 Zoom Zoom 3.0.49042.1203 Zoom Zoom 3.5.6289.1226 Zoom Zoom 3.5.6478.1231 Zoom Zoom 3.5.7165.0116 Zoom Zoom 3.5.7731.0123 Zoom Zoom 3.5.8412.0202 Zoom Zoom 3.5.9172.0212 Zoom Zoom 3.5.11039.0317 Zoom Zoom 3.5.12706.0403 Zoom Zoom 3.5.13132.0410 Zoom Zoom 3.5.13678.0417 Zoom Zoom 3.5.14934.0430 Zoom Zoom 3.5.15506.0508 Zoom Zoom 3.5.16903.0522 Zoom Zoom 3.5.17994.0608 Zoom Zoom 3.5.19689.0629 Zoom Zoom 3.5.19877.0701 Zoom Zoom 3.5.20913.0716 Zoom Zoom 3.5.21228.0720 Zoom Zoom 3.5.21488.0723 Zoom Zoom 3.5.22132.0730 Zoom Zoom 3.5.24604.0824 Zoom Zoom 3.5.27094.0918 Zoom Zoom 3.5.27255.0921 Zoom Zoom 3.5.27367.0922 Zoom Zoom 3.5.31087.1102 Zoom Zoom 3.5.33823.1130 Zoom Zoom 3.5.33842.1130 Zoom Zoom 3.5.37712.0111 Zoom Zoom 3.5.44022.0314 Zoom Zoom 3.5.44420.0317 Zoom Zoom 3.5.44581.0318 Zoom Zoom 3.5.45146.0324 Zoom Zoom 3.5.47151.0412 Zoom Zoom 3.5.48445.0422 Zoom Zoom 3.5.49863.0509 Zoom Zoom 3.5.53922.0613 Zoom Zoom 3.5.56157.0701 Zoom Zoom 3.5.56609.0707 Zoom Zoom 3.5.57166.0713 Zoom Zoom 3.5.63439.0829 Zoom Zoom 3.5.63970.0901 Zoom Zoom 3.5.64836.0908 Zoom Zoom 3.5.131222.0413 Zoom Zoom 3.6.10826.1101 Zoom Zoom 3.6.11639.1109 Zoom Zoom 3.6.13977.1202 Zoom Zoom 3.6.17046.1226 Zoom Zoom 3.6.17818.1230 Zoom Zoom 4.0.21440.0116 Zoom Zoom 4.0.21664.0117 Zoom Zoom 4.0.22115.0123 Zoom Zoom 4.0.22259.0125 Zoom Zoom 4.0.25513.0228 Zoom Zoom 4.0.25926.0306 Zoom Zoom 4.0.29208.0410 Zoom Zoom 4.0.29390.0411 Zoom Zoom 4.0.29656.0413 Zoom Zoom 4.0.35295.0605 Zoom Zoom 4.0.36452.0616 Zoom Zoom 4.0.38982.0714 Zoom Zoom 4.1.8826.0925 Zoom Zoom 4.1.9338.0929 Zoom Zoom 4.1.10062.1016 Zoom Zoom 4.1.11049.1024 Zoom Zoom 4.1.16781.1211 Zoom Zoom 4.1.17379.1218 Zoom Zoom 4.1.18796.0103 Zoom Zoom 4.1.19666.0122 Zoom Zoom 4.1.20199.0205 Zoom Zoom 4.1.20446.0209 Zoom Zoom 4.1.23108.0402 Zoom Zoom 4.1.23501.0416 Zoom Zoom 4.1.24423.0507 Zoom Zoom 4.1.24919.0521 Zoom Zoom 4.1.25010.0522 Zoom Zoom 4.1.25233.0525 Zoom Zoom 4.1.27507.0627 Zoom Zoom 4.1.27695.0702 Zoom Zoom 4.1.28165.0716 Zoom Zoom 4.1.30477.0820 Zoom Zoom 4.1.31275.0831 Zoom Zoom 4.1.33259.0925 Zoom Zoom 4.1.34475.1105 Zoom Zoom 4.1.34801.1116 Zoom Zoom 4.1.35374.1217 Zoom Zoom 4.4.2	124

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOS_ZOOM_CLIENT_4_4_53932_0709.NASL
description	The version of Zoom Client for Meetings installed on the remote macOS host is 4.x prior to 4.4.53932.0709. It is, therefore, affected by a webcam hijacking vulnerability. An unauthenticated, remote attacker can exploit this, by convincing a user to visit an attacker controlled website, to force a user to join an attacker controlled video call with their video camera active.
last seen	2020-06-01
modified	2020-06-02
plugin id	126590
published	2019-07-10
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126590
title	Zoom Client for Meetings 4.x < 4.4.53932.0709 Webcam Hijacking Vulnerability (macOS)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(126590); script_version("1.2"); script_cvs_date("Date: 2019/10/18 23:14:14"); script_cve_id("CVE-2019-13450"); script_bugtraq_id(109082); script_name(english:"Zoom Client for Meetings 4.x < 4.4.53932.0709 Webcam Hijacking Vulnerability (macOS)"); script_summary(english:"Checks the Zoom Client for Meetings version."); script_set_attribute(attribute:"synopsis", value: "The remote host has an application installed that is affected by a webcam hijack vulnerability."); script_set_attribute(attribute:"description", value: "The version of Zoom Client for Meetings installed on the remote macOS host is 4.x prior to 4.4.53932.0709. It is, therefore, affected by a webcam hijacking vulnerability. An unauthenticated, remote attacker can exploit this, by convincing a user to visit an attacker controlled website, to force a user to join an attacker controlled video call with their video camera active."); # https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?43720b3e"); # https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1394c56f"); script_set_attribute(attribute:"solution", value: "Upgrade to Zoom Client for Meetings 4.4.53932.0709 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13450"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/a:zoom:zoom_client_for_meetings"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_zoom_installed.nbin"); script_require_keys("Host/MacOSX/Version", "installed_sw/zoom"); exit(0); } include("vcf.inc"); get_kb_item_or_exit("Host/MacOSX/Version"); app_info = vcf::get_app_info(app:"zoom"); vcf::check_granularity(app_info:app_info, sig_segments:3); constraints = [ { "min_version" : "4", "fixed_version" : "4.4.53932.0709" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

The Hacker News

id	THN:39DFE39B3C793A5ACE549CF4D9CD7A85
last seen	2019-07-19
modified	2019-07-19
published	2019-07-13
reporter	The Hacker News
source	https://thehackernews.com/2019/07/zoom-video-conferencing-hacking.html
title	Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw

id	THN:4465033741C790D933493870A37F0E8B
last seen	2019-07-09
modified	2019-07-09
published	2019-07-09
reporter	The Hacker News
source	https://thehackernews.com/2019/07/webcam-hacking-video-conferencing.html
title	Flaw in Zoom Video Conferencing Software Lets Websites Hijack Mac Webcams

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

The Hacker News

References