Zoom Desktop Flaws Let Attackers Launch Privilege Escalation Attacks

by Esmeralda McKenzie

Zoom, the well-known video conferencing software, has patched seven vulnerabilities in its desktop and mobile applications, notably a critical flaw identified as CVE-2024-24691 impacting Windows software.

Notably, a high-severity escalation of privilege issue affecting Windows software was also fixed by the company and assigned CVE-2024-24697.

A privilege escalation attack is an attempt to gain unauthorized access to higher rights, permissions, privileges, or entitlements than those allocated to a particular account, user, or application. This can occur due to a system flaw, misconfiguration, or insufficient access controls.


CVE-2024-24691 – Improper Input Validation

With a CVSS score of 9.6, this critical-severity flaw could allow an unauthenticated user to conduct an escalation of privilege via network access due to improper input validation in the Zoom Desktop Client, Zoom VDI Client, and Zoom Meeting SDK for Windows.

Affected Products:

  • Zoom Desktop Client for Windows before version 5.16.5
  • Zoom VDI Client for Windows before version 5.16.10 (except 5.14.14 and 5.15.12)
  • Zoom Rooms Client for Windows before version 5.17.0
  • Zoom Meeting SDK for Windows before version 5.16.5

CVE-2024-24697 – Untrusted Search Path

An untrusted search path in some Zoom 32-bit Windows clients is a high-severity vulnerability with a CVSS score of 7.2 that could allow an authenticated user to conduct a privilege escalation via local access.

Affected Products:

  • Zoom Desktop Client for Windows before version 5.17.0
  • Zoom VDI Client for Windows before version 5.17.5 (except 5.15.15 and 5.16.12)
  • Zoom Meeting SDK for Windows before version 5.17.0
  • Zoom Rooms Client for Windows before version 5.17.0
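
To triage an inventory against the two affected-product lists above, the following added example (not code from Zoom or from the original article) compares installed versions with the listed thresholds and exceptions. The host names, the inventory rows and the handling of a fourth build field in the version string are assumptions made for illustration.

```python
# Thresholds copied from the article's two affected-product lists:
# product -> (first fixed version, versions the article lists as exceptions)
ADVISORIES = {
    "CVE-2024-24691": {
        "Zoom Desktop Client": ("5.16.5", ()),
        "Zoom VDI Client": ("5.16.10", ("5.14.14", "5.15.12")),
        "Zoom Rooms Client": ("5.17.0", ()),
        "Zoom Meeting SDK": ("5.16.5", ()),
    },
    "CVE-2024-24697": {
        "Zoom Desktop Client": ("5.17.0", ()),
        "Zoom VDI Client": ("5.17.5", ("5.15.15", "5.16.12")),
        "Zoom Meeting SDK": ("5.17.0", ()),
        "Zoom Rooms Client": ("5.17.0", ()),
    },
}
ONLY_32BIT = {"CVE-2024-24697"}  # the article limits this one to 32-bit clients


def parse_version(text):
    """'5.16.5' or '5.16.5.26186' -> (5, 16, 5); the build field is an assumed format."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts[:3])


def affected_cves(product, version, is_32bit):
    """Return the CVE ids from the article that apply to one Windows install."""
    installed = parse_version(version)
    hits = []
    for cve, products in ADVISORIES.items():
        if product not in products or (cve in ONLY_32BIT and not is_32bit):
            continue
        fixed, exceptions = products[product]
        if installed in {parse_version(v) for v in exceptions}:
            continue  # listed as not affected despite being below the threshold
        if installed < parse_version(fixed):
            hits.append(cve)
    return sorted(hits)


# Constructed inventory rows: (host, product, version, 32-bit install?)
INVENTORY = [
    ("ws-01", "Zoom Desktop Client", "5.16.4", True),
    ("vdi-07", "Zoom VDI Client", "5.15.12", False),
    ("room-3", "Zoom Rooms Client", "5.17.0", False),
]
for host, product, version, is_32bit in INVENTORY:
    print(host, affected_cves(product, version, is_32bit) or "no listed CVE applies")
```
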

Zoom also addressed several other important issues, including:

  • CVE-2024-24690 – Improper Input Validation in Zoom Clients
  • CVE-2024-24699 – Business Logic Error in Zoom Clients
  • CVE-2024-24698 – Improper Authentication in Zoom Clients
  • CVE-2024-24696 – Improper Input Validation in Zoom Desktop Client, Zoom VDI Client, and Zoom Meeting SDK for Windows
  • CVE-2024-24695 – Improper Input Validation in Zoom Desktop Client, Zoom VDI Client, and Zoom Meeting SDK for Windows

Zoom does not say that any of these vulnerabilities have been used in malicious attacks. Thus, the company advises users to update their apps to the latest available versions as soon as possible.

Source credit: cybersecuritynews.com
