- 228/2024
- High
Zoom has released security updates to fix several vulnerabilities across multiple Zoom products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, conduct an information disclosure via network access, or gain elevated privileges to the affected system by sending a specially crafted request.
Sample of the addressed vulnerabilities:
1. Zoom Workplace Apps and Rooms Clients – Buffer Overflow Vulnerability (CVE-2024-39825):
- CVSS: 8.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Privilege Escalation
2. Zoom Workplace Apps and SDKs – Protection Mechanism Failure Vulnerability (CVE-2024-39818):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Information Disclosure
Sample of affected products:
- Zoom Workplace Desktop App and Zoom Workplace VDI Client.
- Zoom Meeting SDK.
- Zoom Rooms Clients and Zoom Rooms Controller.
- Zoom Workplace App.
Vulnerabilities
- CVE-2024-42443
- CVE-2024-42441
- CVE-2024-42442
- CVE-2024-42439
- CVE-2024-42440
- CVE-2024-42436
- CVE-2024-42437
- CVE-2024-42438
- CVE-2024-39823
- CVE-2024-39824
- CVE-2024-42434
- CVE-2024-42435
- CVE-2024-39822
- CVE-2024-39818
- CVE-2024-39825
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.