- 152/2024
- Medium
Zoom has released security updates to fix several vulnerabilities in multiple products.
addressed vulnerabilities could allow the attacker to conduct denial of service attacks, or gain elevated privileges to the affected system by sending a specially crafted request.
The addressed vulnerabilities:
1. Zoom Workplace VDI App for Windows Privilege Escalation Vulnerability (CVE-2024-27244):
- CVSS: 6.7
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Consequences: Gain Privileges
2. Zoom Apps – Buffer Overflow Vulnerability (CVE-2024-27243):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Zoom Workplace VDI App for Windows before version 5.17.10 (excluding 5.15.x).
- Zoom Workplace Desktop App for Windows before version 5.17.5
- Zoom Workplace App for iOS before version 5.17.5.
- Zoom Meeting SDK for Linux before version 5.17.5.
Vulnerabilities
- CVE-2024-27243
- CVE-2024-27244
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.