CVE-2021-34420
Zoom Windows installation executable signature bypass
Severity Score
7.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer.
El instalador de Zoom Client for Meetings para Windows anterior a la versión 5.5.4 no verifica correctamente la firma de los archivos con extensiones .msi, .ps1 y .bat. Esto podría dar lugar a que un actor malintencionado instalara software malicioso en el ordenador de un cliente
*Credits:
Laurent Delosieres of ManoMano
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-09 CVE Reserved
- 2021-11-11 CVE Published
- 2024-07-28 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://medium.com/manomano-tech/a-red-team-operation-leveraging-a-zero-day-vulnerability-in-zoom-80f57fb0822e | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://explore.zoom.us/en/trust/security/security-bulletin | 2021-12-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zoom Search vendor "Zoom" | Zoom Client For Meetings Search vendor "Zoom" for product "Zoom Client For Meetings" | < 5.4.4 Search vendor "Zoom" for product "Zoom Client For Meetings" and version " < 5.4.4" | windows |
Affected
| ||||||