Security Bulletin
ZSB | Date | Title | Severity | CVE (if applicable) | |
---|---|---|---|---|---|
|
ZSB-21012 | 09/30/2021 | Remote Code Execution against On-Prem Images via webportal | Medium | CVE-2021-34416 |
Severity: Medium CVSS Score: 5.5 CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Description: The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators. Affected Products:
Source: Reported by Egor Dimitrenko of Positive Technologies |
|||||
|
ZSB-21011 | 09/30/2021 | ZC crash using a PDU which causes many allocations | High | CVE-2021-34415 |
Severity: High CVSS Score: 7.5 CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description: The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. Affected Products:
Source: Reported by Nikita Abramov of Positive Technologies |
|||||
|
ZSB-21010 | 09/30/2021 | Remote Code Execution against Meeting Connector server via webportal network proxy configuration | Medium | CVE-2021-34414 |
Severity: Medium CVSS Score: 7.2 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Description: The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator. Affected Products:
Source: Reported by Egor Dimitrenko of Positive Technologies |
|||||
|
ZSB-21009 | 09/30/2021 | Zoom MacOS Outlook Plugin Installer Local Privilege Escalation | Low | CVE-2021-34413 |
Severity: Low CVSS Score: 2.8 CVSS Vector String: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Description: All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context. Affected Products:
Source: Reported by Patrick Murphy of Lockheed Martin |
|||||
|
ZSB-21008 | 09/30/2021 | Zoom for Windows Installer Local Privilege Escalation | Medium | CVE-2021-34412 |
Severity: Medium CVSS Score: 4.4 CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Description: During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation. Affected Products:
Source: Discovered by Patrick Murphy of Lockheed Martin |
|||||
|
ZSB-21007 | 09/30/2021 | Zoom Rooms Installer Local Privilege Escalation | Medium | CVE-2021-34411 |
Severity: Medium CVSS Score: 4.4 CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Description: During the installation process for Zoom Rooms for Conference Room for Windows before version 5.3.0, it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation. Affected Products:
Source: Reported by Patrick Murphy of Lockheed Martin |
|||||
|
ZSB-21006 | 09/30/2021 | Zoom Plugin for Microsoft Outlook (MacOS) Installer Root App Privilege Escalation | Medium | CVE-2021-34410 |
Severity: Medium CVSS Score: 6.6 CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/CR:X/IR:X/AR:X/MAV:L/MAC:L/MPR:L/MUI:R/MS:U/MC:X/MI:X/MA:X
Description: A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root. Affected Products:
Source: Reported by Patrick Murphy of Lockheed Martin |
|||||
|
ZSB-21005 | 09/30/2021 | MacOS Installer Privilege Escalation | High | CVE-2021-34409 |
Severity: High CVSS Score: 7.0 CVSS Vector String: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Description: User-writable pre and post-install scripts unpacked during the Zoom Client for Meetings for MacOS installation before version 5.2.0 allow for privilege escalation to root. Affected Products:
Source: Reported by Patrick Murphy of Lockheed Martin |
|||||
|
ZSB-21004 | 09/30/2021 | Zoom MSI Installer Elevated Write Using A Junction | High | CVE-2021-34408 |
Severity: High CVSS Score: 7.0 CVSS Vector String: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Description: A user-writable directory created during the installation of the Zoom Client for Meetings for Windows prior to version 5.3.2 can be redirected to another location using a junction. This would allow an attacker to overwrite files that a limited user would otherwise be unable to modify. Affected Products:
Source: Discovered by Patrick Murphy of Lockheed Martin |
|||||
|
ZSB-21003 | 09/30/2021 | Windows Zoom Installer Digital Signature Bypass | High | CVE-2021-33907 |
Severity: High CVSS Score: 7.0 CVSS Vector String: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/CR:H/IR:H/AR:H/MAV:L/MAC:H/MPR:N/MUI:R/MS:U/MC:H/MI:H/MA:H
Description: The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context. Affected Products:
Source: Discovered by Patrick Murphy of Lockheed Martin |
|||||
|
ZSB-21002 | 08/13/2021 | Heap overflow from static buffer unchecked write from XMPP message | High | CVE-2021-30480 |
Severity: High CVSS Score: 8.1 CVSS Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/CR:H/IR:H/AR:H/MAV:N/MAC:H/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H
Description: A heap-based buffer overflow exists in all desktop versions of the Zoom Client for Meetings before version 5.6.3. This finding was reported to Zoom as a part of 2021 Pwn2Own Vancouver. The attack chain demonstrated during Pwn2Own was mitigated in a server-side change in Zoom’s infrastructure on 2021-04-09. Affected Products:
Source: Reported by Daan Keuper and Thijs Alkemade from Computest via the Zero Day Initiative |
|||||
|
ZSB-21001 | 03/26/2021 | Application Window Screen Sharing Functionality | Medium | CVE-2021-28133 |
Severity: Medium CVSS Score: 5.7 CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Description: A vulnerability affected the Zoom Windows and Linux Clients’ share screen functionality when sharing individual application windows, in which screen contents of applications that are not explicitly shared by the screen-sharing user may be seen by other meeting participants for a brief moment if the “sharer” is minimizing, maximizing, or closing another window. Affected Products:
Source: Discovered by Michael Stramez and Matthias Deeg. |
|||||
|
ZSB-20002 | 08/14/2020 | Windows DLL in the Zoom Sharing Service | High | CVE-2020-9767 |
Severity: High CVSS Score: 7.8 CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description: A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service could allow a local Windows user to escalate privileges to those of the NT AUTHORITY/SYSTEM user. Affected Products:
Source: Connor Scott of Context Information Security |
|||||
|
ZSB-20001 | 05/04/2020 | Zoom IT Installer for Windows | High | CVE-2020-11443 |
Severity: High CVSS Score: Base: 8.4 CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Description: A vulnerability in how the Zoom Windows installer handles junctions when deleting files could allow a local Windows user to delete files otherwise not deletable by the user. Affected Products:
Source: Thanks to the Lockheed Martin Red Team. |
|||||
|
ZSB-19003 | 07/12/2019 | ZoomOpener daemon | High | CVE-2019-13567 |
Severity: High CVSS Score: Base: 7.5 CVSS Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description: A vulnerability in the Zoom MacOS client could allow an attacker to download malicious software to a victim's device. Affected Products:
Source: Unknown. |
|||||
|
ZSB-19002 | 07/09/2019 | Default Video Setting | Low | CVE-2019-13450 |
Severity: Low CVSS Score: Base: 3.1 CVSS Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Description: A vulnerability in the MacOS Zoom and RingCentral clients could allow a remote, unauthenticated attacker to force a user to join a video call with the video camera active. Affected Products:
Source: Discovered by Jonathan Leitschuh. |
|||||
|
ZSB-19001 | 07/09/2019 | Denial of service attack - MacOS | Low | CVE-2019-13449 |
Severity: Low CVSS Score: Base: 3.1 CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Description: A vulnerability in the MacOS Zoom client could allow a remote, unauthenticated attacker to trigger a denial-of-service condition on a victim's system. Affected Products:
Source: Discovered by Jonathan Leitschuh. |
|||||
|
ZSB-18001 | 11/30/2018 | Unauthorized Message Processing | High | CVE-2018-15715 |
Severity: High CVSS Score: 7.4 CVSS Vector String: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/CR:X/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X
Description: A vulnerability in the Zoom client could allow a remote, unauthenticated attacker to control meeting functionality such as ejecting meeting participants, sending chat messages, and controlling participant microphone muting. If the attacker was also a valid participant in the meeting and another participant was sharing their desktop screen, the attacker could also take control of that participant’s keyboard and mouse. Affected Products:
Source: David Wells from Tenable. |
|||||