- 55/2024
- Critical
Zoom has released security updates to fix several vulnerabilities in multiple products such as Zoom Clients, Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, trigger denial of service attacks, gain elevated privileges, execute arbitrary code, and gain access to the affected system by sending a specially crafted request.
Sample of the addressed vulnerabilities:
1. Zoom Products Privilege Escalation Vulnerability (CVE-2024-24691):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privileges
2. Zoom Products Code Execution Vulnerability (CVE-2024-24697):
- CVSS: 7.2
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2024-24690
- CVE-2024-24691
- CVE-2024-24695
- CVE-2024-24696
- CVE-2024-24697
- CVE-2024-24698
- CVE-2024-24699
- CVE-2023-49647
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.