Zoom patches critical privilege elevation flaw in Windows apps

February 14, 2024 at 03:41PM

Zoom’s Desktop and VDI clients and Meeting SDK for Windows are affected by an improper input validation flaw, allowing unauthenticated attackers to conduct privilege escalation. The flaw, tracked as CVE-2024-24691 with a critical rating, impacts specific product versions. Users are advised to update to the latest version to address this and other vulnerabilities for enhanced security.

Key takeaways from the article:

1. Vulnerability Details:
– Zoom’s desktop and VDI clients and Meeting SDK for Windows are vulnerable to an improper input validation flaw, allowing unauthenticated attackers to conduct privilege escalation over the network.
– The flaw is tracked as CVE-2024-24691 and has a critical rating with a CVSS v3.1 score of 9.6.

2. Impact:
– The vulnerability affects various product versions, including Zoom Desktop Client for Windows before version 5.16.5, Zoom VDI Client for Windows before version 5.16.10, Zoom Rooms Client for Windows before version 5.17.0, and Zoom Meeting SDK for Windows before version 5.16.5.
– Exploitation requires some user interaction, such as clicking a link, opening a message attachment, or performing some other action that the attacker relies on to trigger CVE-2024-24691.

3. Recommended Actions:
– Zoom users are advised to update to the latest version, including the desktop client for Windows, version 5.17.7, to mitigate the vulnerability.
– Additionally, the latest release addresses six other vulnerabilities (CVE-2024-24697, CVE-2024-24696, CVE-2024-24695, CVE-2024-24699, CVE-2024-24690, and CVE-2024-24698) which could lead to privilege escalation, information disclosure, and denial of service.

4. Impact on Users:
– Failure to apply the security update could lead to external actors elevating their privileges, potentially resulting in the theft of sensitive data, disruption or eavesdropping on meetings, and the installation of backdoors.
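The practical check that follows from the version list above is a patch-level triage of an inventory: an added example, not code from the article or from Zoom, that compares each installed Windows Zoom build numerically against the fixed versions named in the advisory. The inventory rows, hostnames and build strings are constructed for the example; the fixed-version table is taken from the text above.

```python
"""Triage Windows Zoom installs against the fixed versions for CVE-2024-24691."""
from __future__ import annotations
import re
from typing import Optional

# Minimum fixed versions per product, as stated in the advisory summary above.
FIXED_VERSIONS = {
    "Zoom Desktop Client for Windows": "5.16.5",
    "Zoom VDI Client for Windows": "5.16.10",
    "Zoom Rooms Client for Windows": "5.17.0",
    "Zoom Meeting SDK for Windows": "5.16.5",
}

def parse_version(text: str) -> tuple[int, ...]:
    """Turn '5.16.10 (26186)' or '5.17.7' into a comparable integer tuple.
    Numeric comparison avoids the classic mistake of comparing version
    strings lexically, where '5.16.5' would sort after '5.16.10'."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to three components so that 5.17 compares equal to 5.17.0.
    return parts + (0,) * (3 - len(parts))

def is_vulnerable(product: str, installed: str) -> Optional[bool]:
    """True if the installed build is below the fixed version for the product,
    False if it is at or above it, None if the product is not in this advisory."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return None
    return parse_version(installed) < parse_version(fixed)

def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str]]:
    """Return the (host, product, version) rows that still need the update."""
    return [(h, p, v) for h, p, v in inventory if is_vulnerable(p, v)]

# Constructed sample inventory: hostnames and build strings are made up.
SAMPLE_INVENTORY = [
    ("ws-01", "Zoom Desktop Client for Windows", "5.16.2 (25525)"),
    ("ws-02", "Zoom Desktop Client for Windows", "5.17.7"),
    ("vdi-01", "Zoom VDI Client for Windows", "5.16.9"),
    ("room-01", "Zoom Rooms Client for Windows", "5.17.0"),
    ("dev-01", "Zoom Meeting SDK for Windows", "5.16.5"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is below fixed version {FIXED_VERSIONS[product]}")
```

In a real deployment the inventory rows would come from the endpoint management tool's software inventory export rather than from the constructed list.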
