Privilege Escalation Vulnerability in Zoom Call Recording Software
CVE-2019-18822
8.8HIGH
What is CVE-2019-18822?
A privilege escalation vulnerability exists in the Zoom Call Recording software version 6.3.1. This flaw allows an attacker to exploit the 'callrec-rs@.service' to gain elevated privileges. The service runs the /opt/callrec/bin/rs binary with root access, which is under the ownership of the 'callrec' account. If compromised, an attacker can replace this binary with a malicious executable, effectively gaining unauthorized root access to the system, leading to potential data breaches and system manipulation.
