
CVE-2019-13450


Severity Score: 6.5 (CVSS v3)
Exploit Likelihood: not listed (EPSS)
Affected Versions: see CPE list below (CPE)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.


*Credits: N/A
CVSS Scores

CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-07-09 CVE Reserved
  • 2019-07-09 CVE Published
  • 2023-11-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions

Vendor        Product       Version           Other      Status
Ringcentral   Ringcentral   7.0.136380.0312   mac_os_x   Affected
Zoom          Zoom          <= 4.4.4          mac_os_x   Affected