CVE-2024-24691

Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation

CVSS 9.6 CRITICAL | EPSS 1.7% | CWE-176

In short

The Zoom Desktop Client for Windows fails to properly check user inputs, allowing someone on the network to gain higher privileges without needing to log in first. This is a serious flaw because it can let attackers take control of the application or the system.

Technical detail

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client, and Meeting SDK for Windows enables unauthenticated privilege escalation over the network. The vulnerability stems from insufficient sanitization of network-supplied inputs, allowing an attacker with network access to bypass authentication controls and elevate their privileges within the affected application.

Summary generated and translated by AI from the official description.
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
