← back
CVE-2024-42441

Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Incorrect Privilege Assignment

CVSS 6.2 MEDIUMEPSS 0.2%CWE-266
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Aug 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Zoom Communications Inc. · Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.zoom.com/en/trust/security-bulletin/zsb-24034