Local Privilege Escalation in Zoom Client for Meetings on Windows
CVE-2021-34412

7.8HIGH

Key Information:

Vendor: Zoom
Status: Zoom Client For Meetings For Windows
Vendor: CVE Published:; 27 September 2021

What is CVE-2021-34412?

During the installation of the Zoom Client for Meetings on Windows, a vulnerability allows for the potential launching of Internet Explorer when the installer is executed with elevated privileges. This could lead to unauthorized access and local privilege escalation on impacted systems, particularly when deployed through management tools like SCCM without proper safeguards.

Affected Version(s)

Zoom Client for Meetings for Windows All versions of Zoom Client for Meetings for Windows before 5.4.0

References

https://explore.zoom.us/en/trust/security/security-bulletin/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2021
Vulnerability Reserved
Jun 9, 2021