CVE-2024-24691
Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation
Severity Score
9.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
Una validación de entrada incorrecta en Zoom Desktop Client para Windows, Zoom VDI Client para Windows y Zoom Meeting SDK para Windows puede permitir que un usuario no autenticado realice una escalada de privilegios a través del acceso a la red.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-26 CVE Reserved
- 2024-02-14 CVE Published
- 2024-09-20 CVE Updated
- 2024-10-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-176: Improper Handling of Unicode Encoding
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.zoom.com/en/trust/security-bulletin/ZSB-24008 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Zoom Video Communications, Inc. Search vendor "Zoom Video Communications, Inc." | Zoom Desktop Client For Windows, Zoom VDI Client For Windows, And Zoom Meeting SDK For Windows Search vendor "Zoom Video Communications, Inc." for product "Zoom Desktop Client For Windows, Zoom VDI Client For Windows, And Zoom Meeting SDK For Windows" | * | en |
Affected
|