← back
CVE-2024-27244

Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity

CVSS 6.7 MEDIUMEPSS 0.1%CWE-347
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.7EPSS 0.1%KEV nãoPoC Patch
Lifecycle
15 May 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected products
Zoom Video Communications, Inc. · Zoom Workplace VDI App for Windows

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.zoom.com/en/trust/security-bulletin/zsb-24015/