Zoom Critical Vulne...
Clear all

Zoom Critical Vulnerability CVE-2024-24691 CVSS 9.6 Patch Now

1 Posts
1 Users
Brandon Lee
Posts: 542
Member Admin
Topic starter

A critical vulnerability, identified as CVE-2024-24691 with a CVSS score of 9.6, involves improper input validation, enabling attackers with network access to achieve privilege escalation. This flaw impacts several versions of Zoom's software for Windows, including the Desktop Client prior to version 5.16.5, the VDI Client before version 5.16.10 (with exceptions), the Rooms Client preceding version 5.17.0, and the Meeting SDK before version 5.16.5, as detailed in Zoom's security advisory.

Additionally, Zoom addressed a high-severity vulnerability affecting its Windows applications, which could allow for privilege escalation through local exploitation without the need for authentication. This defect, cataloged as CVE-2024-24697 and characterized as an untrusted search path issue, affects earlier versions of the Desktop Client, VDI Client (with certain versions excluded), Meeting SDK, and Rooms Client, all before the 5.17.0 updates.

The company also resolved two medium-severity vulnerabilities that posed risks of information disclosure within the Desktop Client, VDI Client, and Meeting SDK for Windows.

Furthermore, on Tuesday, Zoom alerted users to three medium-severity vulnerabilities present across its desktop and mobile client software, including Windows, macOS, Linux, Android, and iOS platforms. These security gaps could potentially be exploited to execute denial-of-service attacks or facilitate information leaks.

To mitigate these security risks, users across all affected platforms are urged to upgrade their Zoom applications to the most current versions available, ensuring the highest level of protection against potential exploits.



Posted : 14/02/2024 8:58 am