Security Bulletins
Security Bulletins
Zoom does not provide guidance on vulnerability impacts to individual customers due to a Zoom Security Bulletin or provide additional details about a vulnerability. We recommend users to update to the latest version of Zoom software in order to get the latest fixes and security improvements.
| ZSB | Date | Title | Severity | CVE (if applicable) | |
|---|---|---|---|---|---|
|
|
ZSB-23045 | 09/12/2023 | CleanZoom - Untrusted Search Path | High | CVE-2023-39201 |
|
Severity: High CVSS Score: 7.2 CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Description: Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23043 | 09/12/2023 | Zoom Desktop Client for Linux - Improper Input Validation | Medium | CVE-2023-39208 |
|
Severity: Medium CVSS Score: 6.5 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Description: Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access. Affected Products:
Source: Reported by Antoine Roly (aroly). |
|||||
|
|
ZSB-23040 | 09/12/2023 | Zoom Clients - Improper Authentication | High | CVE-2023-39215 |
|
Severity: High CVSS Score: 7.1 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Description: Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23041 | 08/08/2023 | Zoom Desktop Client for Windows - Improper Input Validation | Medium | CVE-2023-39209 |
|
Severity: Medium CVSS Score: 5.9 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
Description: Improper input validation in Zoom Desktop Client for Windows before version 5.15.5 may allow an authenticated user to enable an information disclosure via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23039 | 08/08/2023 | Zoom Client’s - Exposure of Sensitive Information | High | CVE-2023-39214 |
|
Severity: High CVSS Score: 7.6 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Description: Exposure of sensitive information in Zoom Client's before version 5.15.5 may allow an authenticated user to enable a denial of service via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23038 | 08/08/2023 | Zoom Desktop Client for Windows and Zoom VDI Client - Improper Neutralization of Special Elements | Critical | CVE-2023-39213 |
|
Severity: Critical CVSS Score: 9.6 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Description: Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before version 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23037 | 08/08/2023 | Zoom Rooms for Windows - Untrusted Search Path | High | CVE-2023-39212 |
|
Severity: High CVSS Score: 7.9 CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H
Description: Untrusted search path in Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable a denial of service via local access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23036 | 08/08/2023 | Zoom Desktop Client for Windows and Zoom Rooms for Windows - Improper Privilege Management | High | CVE-2023-39211 |
|
Severity: High CVSS Score: 8.8 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable an information disclosure via local access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23035 | 08/08/2023 | Zoom Client SDK for Windows - Clear text Storage of Sensitive Information | Medium | CVE-2023-39210 |
|
Severity: Medium CVSS Score: 5.5 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description: Clear text storage of sensitive information in Zoom Client SDK for Windows before version 5.15.0 may allow an authenticated user to enable an information disclosure via local access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23034 | 08/08/2023 | Zoom Clients - Client-Side Enforcement of Server-Side Security | Medium | CVE-2023-39218 |
|
Severity: Medium CVSS Score: 6.5 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Description: Client-side enforcement of server-side security in Zoom clients before version 5.14.10 may allow a privileged user to enable information disclosure via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23033 | 08/08/2023 | Zoom Client’s - Improper Input Validation | Medium | CVE-2023-39217 |
|
Severity: Medium CVSS Score: 5.3 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description: Improper input validation in Zoom Client’s before version 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23032 | 08/08/2023 | Zoom Desktop Client for Windows - Improper Input Validation | Critical | CVE-2023-39216 |
|
Severity: Critical CVSS Score: 9.6 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Description: Improper input validation in Zoom Desktop Client for Windows before version 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23031 | 08/08/2023 | Zoom Clients - Client-Side Enforcement of Server-Side Security | High | CVE-2023-36535 |
|
Severity: High CVSS Score: 7.1 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Description: Client-side enforcement of server-side security in Zoom clients before version 5.14.10 may allow an authenticated user to enable information disclosure via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23030 | 08/08/2023 | Zoom Desktop Client for Windows - Path Traversal | Critical | CVE-2023-36534 |
|
Severity: Critical CVSS Score: 9.3 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
Description: Path traversal in Zoom Desktop Client for Windows before version 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23029 | 08/08/2023 | Zoom SDK’s - Uncontrolled Resource Consumption | High | CVE-2023-36533 |
|
Severity: High CVSS Score: 7.1 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Description: Uncontrolled resource consumption in Zoom SDK’s before version 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23028 | 08/08/2023 | Zoom Clients - Buffer Overflow | Medium | CVE-2023-36532 |
|
Severity: Medium CVSS Score: 5.9 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Description: Buffer overflow in Zoom clients before version 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23027 | 08/08/2023 | Zoom Desktop Client for Windows - Insufficient Verification of Data Authenticity | High | CVE-2023-36541 |
|
Severity: High CVSS Score: 8 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Description: Insufficient verification of data authenticity in Zoom Desktop Client for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23026 | 08/08/2023 | Zoom Desktop Client for Windows - Untrusted Search Path | High | CVE-2023-36540 |
|
Severity: High CVSS Score: 7.3 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Description: Untrusted search path in the installer for Zoom Desktop Client for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23024 | 07/11/2023 | Improper Access Control | High | CVE-2023-36538 |
|
Severity: High CVSS Score: 8.4 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Description: Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23023 | 07/11/2023 | Improper Privilege Management | High | CVE-2023-36537 |
|
Severity: High CVSS Score: 7.3 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Description: Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23022 | 07/11/2023 | Untrusted Search Path | High | CVE-2023-36536 |
|
Severity: High CVSS Score: 8.2 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Description: Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23021 | 07/11/2023 | Insecure Temporary File | High | CVE-2023-34119 |
|
Severity: High CVSS Score: 8.2 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Description: Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23020 | 07/11/2023 | Improper Privilege Management | High | CVE-2023-34118 |
|
Severity: High CVSS Score: 7.3 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Description: Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23019 | 07/11/2023 | Relative Path Traversal | Low | CVE-2023-34117 |
|
Severity: Low CVSS Score: 3.3 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Description: Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access. Affected Products:
Source: Reported by Dimitrios Valsamaras of Microsoft. |
|||||
|
|
ZSB-23018 | 07/11/2023 | Improper Input Validation | High | CVE-2023-34116 |
|
Severity: High CVSS Score: 8.2 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H
Description: Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. Affected Products:
Source: Reported by sim0nsecurity. |
|||||
|
|
ZSB-23025 | 06/29/2023 | Exposure of Sensitive Information | Medium | CVE-2023-36539 |
|
Severity: Medium CVSS Score: 5.3 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Description: Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. Affected Products:
Source: Reported by Zoom Offensive Security Team. |
|||||
|
|
ZSB-23017 | 06/13/2023 | Buffer Copy without Checking Size of Input | Medium | CVE-2023-34115 |
|
Severity: Medium CVSS Score: 4.0 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description: Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may result in the Zoom Meeting SDK to crash and need to be restarted. Affected Products:
Source: Reported by Eugene Lim |
|||||
|
|
ZSB-23016 | 06/13/2023 | Exposure of Resource to Wrong Sphere | Medium | CVE-2023-34114 |
|
Severity: Medium CVSS Score: 4.3 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Description: Exposure of resource to wrong sphere in Zoom for Windows and Zoom for macOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. Affected Products:
Source: Reported by Siddhi Katariya (chikorita) |
|||||
|
|
ZSB-23015 | 06/13/2023 | Insufficient Verification of Data Authenticity | High | CVE-2023-34113 |
|
Severity: High CVSS Score: 8 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Description: Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. Affected Products:
Source: Reported by sim0nsecurity |
|||||
|
|
ZSB-23014 | 06/13/2023 | Improper Input Validation | High | CVE-2023-34122 |
|
Severity: High CVSS Score: 7.3 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Description: Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Affected Products:
Source: Reported by sim0nsecurity |
|||||
|
|
ZSB-23013 | 06/13/2023 | Improper Input Validation | Medium | CVE-2023-34121 |
|
Severity: Medium CVSS Score: 4.9 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Description: Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. Affected Products:
Source: Reported by Mohit Rawat - ASPIA InfoTech |
|||||
|
|
ZSB-23012 | 06/13/2023 | Improper Privilege Management | High | CVE-2023-34120 |
|
Severity: High CVSS Score: 8.7 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Description: Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges. Affected Products:
Source: Reported by sim0nsecurity |
|||||
|
|
ZSB-23011 | 06/13/2023 | Improper Access Control in Zoom VDI Client Installer | High | CVE-2023-28603 |
|
Severity: High CVSS Score: 7.7 CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description: Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. Affected Products:
Source: Reported by sim0nsecurity |
|||||
|
|
ZSB-23010 | 06/13/2023 | Improper Verification of Cryptographic Signature in Zoom Clients | Low | CVE-2023-28602 |
|
Severity: Low CVSS Score: 2.8 CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Description: Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions. Affected Products:
Source: Reported by Kirin (Pwnrin) |
|||||
|
|
ZSB-23009 | 06/13/2023 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Zoom Clients | Low | CVE-2023-28601 |
|
Severity: Low CVSS Score: 2 CVSS Vector String: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description: Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client. Affected Products:
Source: Reported by sim0nsecurity |
|||||
|
|
ZSB-23008 | 06/13/2023 | Improper access control in Zoom Clients | Medium | CVE-2023-28600 |
|
Severity: Medium CVSS Score: 6.6 CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Description: Zoom for macOS clients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client. Affected Products:
Source: Reported by Koh M. Nakagawa (@tsunek0h) |
|||||
|
|
ZSB-23007 | 06/13/2023 | HTML Injection vulnerability in Zoom Clients | Medium | CVE-2023-28599 |
|
Severity: Medium CVSS Score: 4.2 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Description: Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation. Affected Products:
Source: Reported by Mohit Rawat - ASPIA InfoTech |
|||||
|
|
ZSB-23006 | 06/13/2023 | HTML injection in Zoom Linux Clients | High | CVE-2023-28598 |
|
Severity: High CVSS Score: 7.5 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description: Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash. Affected Products:
Source: Reported by Antoine Roly (aroly) |
|||||
|
|
ZSB-23005 | 03/14/2023 | Improper trust boundary implementation for SMB in Zoom Clients [Updated 2023-04-07] | High | CVE-2023-28597 |
|
Severity: High CVSS Score: 8.3 CVSS Vector String: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description: Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution. Affected Products:
Source: Reported by Zoom Offensive Security Team |
|||||
|
|
ZSB-23004 | 03/14/2023 | Local Privilege Escalation in Zoom for macOS Installers | Medium | CVE-2023-28596 |
|
Severity: Medium CVSS Score: 5.2 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Description: Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root. Affected Products:
Source: Reported by Koh M. Nakagawa (tsunekoh) |
|||||
|
|
ZSB-23003 | 03/14/2023 | Local Privilege Escalation in Zoom for Windows Installers | High | CVE-2023-22883 |
|
Severity: High CVSS Score: 7.2 CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H
Description: Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user. Affected Products:
Source: Reported by sim0nsecurity |
|||||
|
|
ZSB-23002 | 03/14/2023 | Denial of Service in Zoom Clients | Medium |
CVE-2023-22881 CVE-2023-22882 |
|
Severity: Medium CVSS Score: 6.5 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description: Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. Affected Products:
Source: Reported by Zoom Offensive Security Team |
|||||
|
|
ZSB-23001 | 03/14/2023 | Information Disclosure in Zoom for Windows Clients | Medium | CVE-2023-22880 |
|
Severity: Medium CVSS Score: 6.8 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Description: Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior. Affected Products:
Source: Reported by Zoom Security Team |
|||||
|
|
ZSB-22035 | 01/06/2023 | Local Privilege Escalation in Zoom Rooms for Windows Installers | High | CVE-2022-36930 |
|
Severity: High CVSS Score: 8.2 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Description: Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user. Affected Products:
Source: Reported by sim0nsecurity |
|||||
|
|
ZSB-22034 | 01/06/2023 | Local Privilege Escalation in Zoom Rooms for Windows Clients | High | CVE-2022-36929 |
|
Severity: High CVSS Score: 7.8 CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: Zoom Rooms for Windows clients before version 5.12.7 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user. Affected Products:
Source: Reported by sim0nsecurity |
|||||
|
|
ZSB-22033 | 01/06/2023 | Path Traversal in Zoom for Android Clients | Medium | CVE-2022-36928 |
|
Severity: Medium CVSS Score: 6.1 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Description: Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory. Affected Products:
Source: Reported by Dimitrios Valsamaras of Microsoft |
|||||
|
|
ZSB-22032 | 01/06/2023 | Local Privilege Escalation in Zoom Rooms for macOS Clients | High |
CVE-2022-36926 CVE-2022-36927 |
|
Severity: High CVSS Score: 8.8 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. Affected Products:
Source: Reported by Kirin (Pwnrin) |
|||||
|
|
ZSB-22031 | 01/06/2023 | Insecure key generation for Zoom Rooms for macOS Clients | Medium | CVE-2022-36925 |
|
Severity: Medium CVSS Score: 4.4 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Description: Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service. Affected Products:
Source: Reported by Kirin (Pwnrin) |
|||||
|
|
ZSB-22030 | 11/15/2022 | Local Privilege Escalation in Zoom Rooms Installer for Windows | High | CVE-2022-36924 |
|
Severity: High CVSS Score: 8.8 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user. Affected Products:
Source: Reported by sim0nsecurity |
|||||
|
|
ZSB-22029 | 11/15/2022 | Local Privilege Escalation in Zoom Client Installer for macOS | High | CVE-2022-28768 |
|
Severity: High CVSS Score: 8.8 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. Affected Products:
Source: Reported by Koh M. Nakagawa (tsunekoh) |
|||||
|
|
ZSB-22027 | 11/15/2022 | DLL injection in Zoom Windows Clients | High | CVE-2022-28766 |
|
Severity: High CVSS Score: 8.1 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Description: Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. Affected Products:
Source: Reported by sim0nsecurity |
|||||
|
|
ZSB-22025 | 11/10/2022 | Local information exposure in Zoom Clients | Low | CVE-2022-28764 |
|
Severity: Low CVSS Score: 3.3 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description: The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. Affected Products:
Source: Reported by Christian Zäske of SySS GmbH |
|||||
|
|
ZSB-22024 | 10/24/2022 | Improper URL parsing in Zoom Clients | High | CVE-2022-28763 |
|
Severity: High CVSS Score: 8.8 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description: The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. Affected Products:
Source: Reported by Zoom Security Team |
|||||
|
|
ZSB-22023 | 10/11/2022 | Debugging port misconfiguration in Zoom Apps in the Zoom Client for Meetings for macOS | High | CVE-2022-28762 |
|
Severity: High CVSS Score: 7.3 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Description: Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. Affected Products:
Source: Reported by Zoom Security Team |
|||||
|
|
ZSB-22022 | 10/11/2022 | Zoom On-Prem Deployments: Improper Access Control | Medium | CVE-2022-28761 |
|
Severity: Medium CVSS Score: 6.5 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description: Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions. Affected Products:
Source: Reported by Zoom Offensive Security Team |
|||||
|
|
ZSB-22021 | 09/13/2022 | Zoom On-Prem Deployments: Improper Access Control | Medium | CVE-2022-28760 |
|
Severity: Medium CVSS Score: 6.5 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description: Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants. Affected Products:
Source: Reported by Zoom Offensive Security Team |
|||||
|
|
ZSB-22020 | 09/13/2022 | Zoom On-Prem Deployments: Improper Access Control | High |
CVE-2022-28758 CVE-2022-28759 |
|
Severity: High CVSS Score: 8.2 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Description: Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. Affected Products:
Source: Reported by Zoom Security Team |
|||||
|
|
ZSB-22019 | 08/17/2022 | Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS | High | CVE-2022-28757 |
|
Severity: High CVSS Score: 8.8 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. Affected Products:
Source: Reported by Csaba Fitzl (theevilbit) of Offensive Security |
|||||
|
|
ZSB-22018 | 08/13/2022 | Local Privilege Escalation in Auto Updater for macOS Zoom products [Updated 2022-09-13] | High | CVE-2022-28756 |
|
Severity: High CVSS Score: 8.8 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 and Zoom Rooms for Conference Room for macOS before version 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. Affected Products:
Source: Reported by Patrick Wardle of Objective-See |
|||||
|
|
ZSB-22017 | 08/09/2022 | Local Privilege Escalation in Zoom Client for Meetings for macOS | High | CVE-2022-28751 |
|
Severity: High CVSS Score: 8.8 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description: The Zoom Client for Meetings for macOS (Standard and for IT Admin) before version 5.11.3 contain a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. Affected Products:
Source: Reported by Patrick Wardle of Objective-See |
|||||
|
|
ZSB-22014 | 08/09/2022 | Zoom On-Premise Deployments: Improper Access Control | High |
CVE-2022-28753 CVE-2022-28754 |
|
Severity: High CVSS Score: 7.1 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Description: Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. Affected Products:
Source: Reported by Zoom Offensive Security Team |
|||||
|
|
ZSB-22016 | 08/09/2022 | Improper URL parsing in Zoom Clients [Updated 2022-10-24] | Critical | CVE-2022-28755 |
|
Severity: Critical CVSS Score: 9.6 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Description: The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths. Affected Products:
Source: Reported by Zoom Offensive Security Team |
|||||
|
|
ZSB-22012 | 08/09/2022 | Zoom On-Premise Deployments: Stack Buffer Overflow in Meeting Connector | High | CVE-2022-28750 |
|
Severity: High CVSS Score: 7.5 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description: Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code. Affected Products:
Source: Reported by Zoom Offensive Security Team |
|||||
|
|
ZSB-22011 | 06/14/2022 | Insufficient Authorization Check During Meeting Join | Medium | CVE-2022-28749 |
|
Severity: Medium CVSS Score: 6.5 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description: Zoom’s On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zoom’s waiting room can join the meeting without the consent of the host. Affected Products:
Source: Reported by Zoom Offensive Security Team |
|||||
|
|
ZSB- 22010 | 06/14/2022 | DLL injection in Zoom Opener installer for Zoom and Zoom Rooms clients | High | CVE-2022-22788 |
|
Severity: High CVSS Score: 7.1 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Description: The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victim’s host. Affected Products:
Source: Reported by James Tsz Ko Yeung |
|||||
|
|
ZSB-22009 | 05/17/2022 | Insufficient hostname validation during server switch in Zoom Client for Meetings | Medium | CVE-2022-22787 |
|
Severity: Medium CVSS Score: 5.9 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
Description: The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting user’s client to connect to a malicious server when attempting to use Zoom services. Affected Products:
Source: Reported by Ivan Fratric of Google Project Zero |
|||||
|
|
ZSB-22008 | 05/17/2022 | Update package downgrade in Zoom Client for Meetings for Windows | High | CVE-2022-22786 |
|
Severity: High CVSS Score: 7.5 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description: The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version. Affected Products:
Source: Reported by Ivan Fratric of Google Project Zero |
|||||
|
|
ZSB-22007 | 05/17/2022 | Improperly constrained session cookies in Zoom Client for Meetings | Medium | CVE-2022-22785 |
|
Severity: Medium CVSS Score: 5.9 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
Description: The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send a user’s Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user. Affected Products:
Source: Reported by Ivan Fratric of Google Project Zero |
|||||
|
|
ZSB- 22006 | 05/17/2022 | Improper XML Parsing in Zoom Client for Meetings | High | CVE-2022-22784 |
|
Severity: High CVSS Score: 8.1 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Description: The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving user’s client perform a variety of actions. This issue could be used in a more sophisticated attack to forge XMPP messages from the server. Affected Products:
Source: Reported by Ivan Fratric of Google Project Zero |
|||||
|
|
ZSB- 22005 | 04/27/2022 | Process memory exposure in Zoom on-premise Meeting services | High | CVE-2022-22783 |
|
Severity: High CVSS Score: 8.3 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/CR:H
Description: A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. Affected Products:
Source: Zoom Offensive Security Team |
|||||
|
|
ZSB-22004 | 04/27/2022 | Local privilege escalation in Windows Zoom Clients | High | CVE-2022-22782 |
|
Severity: High CVSS Score: 7.9 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H
Description: The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine. Affected Products:
Source: Reported by the Zero Day Initiative |
|||||
|
|
ZSB-22003 | 04/27/2022 | Update package downgrade in Zoom Client for Meetings for macOS | High | CVE-2022-22781 |
|
Severity: High CVSS Score: 7.5 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description: The Zoom Client for Meetings for macOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version. Affected Products:
Source: Reported by Patrick Wardle of Objective-See |
|||||
|
|
ZSB-22002 | 02/08/2022 | Zoom Team Chat Susceptible to Zip Bombing | Medium | CVE-2022-22780 |
|
Severity: Medium CVSS Score: 4.7 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
Description: The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources. Affected Products:
Source: Reported by Johnny Yu of Walmart Global Tech |
|||||
|
|
ZSB-22001 | 02/08/2022 | Retained exploded messages in Keybase clients for macOS and Windows | Low | CVE-2022-22779 |
|
Severity: Low CVSS Score: 3.7 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Description: The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem. Affected Products:
Source: Reported by Olivia O'Hara |
|||||
|
|
ZSB-21022 | 12/14/2021 | Arbitrary command execution in Keybase Client for Windows | Medium | CVE-2021-34426 |
|
Severity: Medium CVSS Score: 5.3 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Description: A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user’s Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user’s local system. Affected Products:
Source: Reported by RyotaK |
|||||
|
|
ZSB-21021 | 12/14/2021 | Server Side Request Forgery in Zoom Client for Meetings chat | Medium | CVE-2021-34425 |
|
Severity: Medium CVSS Score: 4.7 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Description: The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat’s “link preview” functionality. In versions prior to 5.7.3, if a user were to enable the chat’s “link preview” feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. Affected Products:
Source: Reported by Johnny Yu of Walmart Global Tech |
|||||
|
|
ZSB-21020 | 11/24/2021 | Process memory exposure in Zoom Client and other products | Medium | CVE-2021-34424 |
|
Severity: Medium CVSS Score: 5.3 CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description: A vulnerability was discovered in the products listed in the "Affected Products" section of this bulletin which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product’s memory. Affected Products:
Source: Reported by Natalie Silvanovich of Google Project Zero |
|||||
|
|
ZSB-21019 | 11/24/2021 | Buffer overflow in Zoom Client and other products | High | CVE-2021-34423 |
|
Severity: High CVSS Score: 7.3 CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Description: A buffer overflow vulnerability was discovered in the products listed in the “Affected Products'' section of this bulletin. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code. Affected Products:
Source: Source: Reported by Natalie Silvanovich of Google Project Zero |
|||||
|
|
ZSB-21018 | 11/09/2021 | Path traversal of file names in Keybase Client for Windows | High | CVE-2021-34422 |
|
Severity: High CVSS Score: 7.2 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Description: The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution. Affected Products:
Source: Reported by m4t35z |
|||||
|
|
ZSB-21017 | 11/09/2021 | Retained exploded messages in Keybase clients for Android and iOS | Low | CVE-2021-34421 |
|
Severity: Low CVSS Score: 3.7 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Description: The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer’s device. Affected Products:
Source: Reported by Olivia O'Hara, John Jackson, Jackson Henry, and Robert Willis |
|||||
|
|
ZSB-21016 | 11/09/2021 | Zoom Windows installation executable signature bypass | Medium | CVE-2021-34420 |
|
Severity: Medium CVSS Score: 4.7 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Description: The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer. Affected Products:
Source: Reported by Laurent Delosieres of ManoMano |
|||||
|
|
ZSB-21015 | 11/09/2021 | HTML injection in Zoom Linux client | Low | CVE-2021-34419 |
|
Severity: Low CVSS Score: 3.7 CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Description: In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks. Affected Products:
Source: Reported by Danny de Weille and Rick Verdoes of hackdefense |
|||||
|
|
ZSB-21014 | 11/09/2021 | Pre-auth Null pointer crash in on-premise web console | Medium | CVE-2021-34418 |
|
Severity: Medium CVSS Score: 4.0 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Description: The login service of the web console for the products listed in the “Affected Products” section of this bulletin, fails to validate that a NULL byte was sent while authenticating. This could lead to a crash of the login service. Affected Products:
Source: Reported by Jeremy Brown |
|||||
|
|
ZSB-21013 | 11/09/2021 | Authenticated remote command execution with root privileges via web console in MMR | High | CVE-2021-34417 |
|
Severity: High CVSS Score: 7.9 CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N Description: The network proxy page on the web portal for the products listed in the “Affected Products” section of this bulletin, fails to validate input sent in requests to set the network proxy password. This could lead to remote command injection by a web portal administrator. Affected Products:
Source: Reported by Jeremy Brown |
|||||
|
|
ZSB-21012 | 09/30/2021 | Remote Code Execution against On-Prem Images via webportal | Medium | CVE-2021-34416 |
|
Severity: Medium CVSS Score: 5.5 CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N Description: The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators. Affected Products:
Source: Reported by Egor Dimitrenko of Positive Technologies |
|||||
|
|
ZSB-21011 | 09/30/2021 | ZC crash using a PDU which causes many allocations | High | CVE-2021-34415 |
|
Severity: High CVSS Score: 7.5 CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description: The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. Affected Products:
Source: Reported by Nikita Abramov of Positive Technologies |
|||||
|
|
ZSB-21010 | 09/30/2021 | Remote Code Execution against Meeting Connector server via webportal network proxy configuration | Medium | CVE-2021-34414 |
|
Severity: Medium CVSS Score: 7.2 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Description: The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fail to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator. Affected Products:
Source: Reported by Egor Dimitrenko of Positive Technologies |
|||||
|
|
ZSB-21009 | 09/30/2021 | Zoom macOS Outlook Plugin Installer Local Privilege Escalation | Low | CVE-2021-34413 |
|
Severity: Low CVSS Score: 2.8 CVSS Vector String: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N Description: All versions of the Zoom Plugin for Microsoft Outlook for macOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context. Affected Products:
Source: Reported by the Lockheed Martin Red Team |
|||||
|
|
ZSB-21008 | 09/30/2021 | Zoom for Windows Installer Local Privilege Escalation | Medium | CVE-2021-34412 |
|
Severity: Medium CVSS Score: 4.4 CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Description: During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation. Affected Products:
Source: Reported by the Lockheed Martin Red Team |
|||||
|
|
ZSB-21007 | 09/30/2021 | Zoom Rooms Installer Local Privilege Escalation | Medium | CVE-2021-34411 |
|
Severity: Medium CVSS Score: 4.4 CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Description: During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation. Affected Products:
Source: Reported by the Lockheed Martin Red Team |
|||||
|
|
ZSB-21004 | 09/30/2021 | Zoom MSI Installer Elevated Write Using A Junction | High | CVE-2021-34408 |
|
Severity: High CVSS Score: 7.0 CVSS Vector String: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Description: A user-writable directory created during the installation of the Zoom Client for Meetings for Windows version prior to version 5.3.2 can be redirected to another location using a junction. This would allow an attacker to overwrite files that a limited user would otherwise be unable to modify. Affected Products:
Source: Reported by the Lockheed Martin Red Team |
|||||
|
|
ZSB-21003 | 09/30/2021 | Windows Zoom Installer Digital Signature Bypass | High | CVE-2021-33907 |
|
Severity: High CVSS Score: 7.0 CVSS Vector String: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/CR:H/IR:H/AR:H/MAV:L/MAC:H/MPR:N/MUI:R/MS:U/MC:H/MI:H/MA:H
Description: The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context. Affected Products:
Source: Reported by the Lockheed Martin Red Team |
|||||
|
|
ZSB-21002 | 08/13/2021 | Heap overflow from static buffer unchecked write from XMPP message | High | CVE-2021-30480 |
|
Severity: High CVSS Score: 8.1 CVSS Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/CR:H/IR:H/AR:H/MAV:N/MAC:H/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H
Description: A heap based buffer overflow exists in all desktop versions of the Zoom Client for Meetings before version 5.6.3. This Finding was reported to Zoom as a part of 2021 Pwn20wn Vancouver. The attack chain demonstrated during Pwn20wn was mitigated in a server-side change in Zoom’s infrastructure on 2021-04-09. Affected Products:
Source: Reported by Daan Keuper and Thijs Alkemade from Computest via the Zero Day Initiative |
|||||
|
|
ZSB-21001 | 03/26/2021 | Application Window Screen Sharing Functionality | Medium | CVE-2021-28133 |
|
Severity: Medium CVSS Score: 5.7 CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Description: A vulnerability affected the Zoom Windows and Linux Clients’ share screen functionality when sharing individual application windows, in which screen contents of applications which are not explicitly shared by the screen-sharing users may be seen by other meeting participants for a brief moment if the “sharer” is minimizing, maximizing, or closing another window. Affected Products:
Source: Discovered by Michael Stramez and Matthias Deeg. |
|||||
|
|
ZSB-20002 | 08/14/2020 | Windows DLL in the Zoom Sharing Service | High | CVE-2020-9767 |
|
Severity: High CVSS Score: 7.8 CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description: A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service could allow a local Windows user to escalate privileges to those of the NT AUTHORITY/SYSTEM user. Affected Products:
Source: Connor Scott of Context Information Security |
|||||
|
|
ZSB-20001 | 05/04/2020 | Zoom IT Installer for Windows | High | CVE-2020-11443 |
|
Severity: High CVSS Score: Base: 8.4 CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Description: A vulnerability in how the Zoom Windows installer handles junctions when deleting files could allow a local Windows user to delete files otherwise not deletable by the user. Affected Products:
Source: Thanks to the Lockheed Martin Red Team. |
|||||
|
|
ZSB-19003 | 07/12/2019 | ZoomOpener daemon | High | CVE-2019-13567 |
|
Severity: High CVSS Score: Base: 7.5 CVSS Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description: A vulnerability in the Zoom macOS client could allow an attacker to download malicious software to a victim's device. Affected Products:
Source: Unknown. |
|||||
|
|
ZSB-19002 | 07/09/2019 | Default Video Setting | Low | CVE-2019-13450 |
|
Severity: Low CVSS Score: Base: 3.1 CVSS Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Description: A vulnerability in the macOS Zoom and RingCentral clients could allow a remote, unauthenticated attacker to force a user to join a video call with the video camera active. Affected Products:
Source: Discovered by Jonathan Leitschuh. |
|||||
|
|
ZSB-19001 | 07/09/2019 | Denial of service attack - macOS | Low | CVE-2019-13449 |
|
Severity: Low CVSS Score: Base: 3.1 CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Description: A vulnerability in the macOS Zoom client could allow a remote, unauthenticated attacker to trigger a denial-of-service condition on a victim's system. Affected Products:
Source: Discovered by Jonathan Leitschuh. |
|||||
| No results found | |||||
Please provide your individual email address to receive notification of future Zoom Security Bulletins. (Note: Email aliases will not receive these notifications.)