Remote Command Injection Vulnerability in Zoom On-Premise Connectors
CVE-2021-34416
Key Information:
What is CVE-2021-34416?
The administrative web portal for Zoom's on-premise connectors contains a vulnerability that allows for unauthorized command execution on the server. Specifically, it fails to properly validate the input when updating network configuration settings. This flaw can be exploited by an attacker with web portal administrative access, potentially leading to significant compromises of the on-premise image. Users are advised to update to the latest versions to mitigate these risks.
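The class of flaw described above, shown as an added example that is not Zoom's code: a network-settings handler that pastes form fields into a shell string, next to a version that parses each field as IPv4 data and builds argv lists for execution without a shell. The field names, the `eth0` interface and the use of `ip`/`ifconfig` are assumptions, since this page does not describe the connector's actual implementation.

```python
import ipaddress

def vulnerable_command(ip, netmask, gateway):
    """Unsafe pattern: form fields pasted into a string meant for a shell."""
    return f"ifconfig eth0 {ip} netmask {netmask}; route add default gw {gateway}"

def validated_argv(ip, netmask, gateway):
    """Parse each field as IPv4 data; return argv lists to run without a shell."""
    addr = ipaddress.IPv4Address(ip)        # ValueError on anything but a.b.c.d
    gw = ipaddress.IPv4Address(gateway)
    # IPv4Network rejects anything that is not a mask or a prefix length.
    net = ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False)
    if gw not in net:
        raise ValueError("gateway is outside the configured subnet")
    # Only canonical re-serialised values reach the command, never raw input.
    return [
        ["ip", "addr", "replace", f"{addr}/{net.prefixlen}", "dev", "eth0"],
        ["ip", "route", "replace", "default", "via", str(gw)],
    ]

def review(fields):
    """Return the argv lists for a request, or the reason it was refused."""
    try:
        return validated_argv(**fields)
    except ValueError as exc:
        return f"rejected: {exc}"

# Constructed sample requests (not captured traffic).
GOOD = {"ip": "10.0.0.5", "netmask": "255.255.255.0", "gateway": "10.0.0.1"}
BAD = {"ip": "10.0.0.5", "netmask": "255.255.255.0", "gateway": "10.0.0.1; id"}

if __name__ == "__main__":
    print(vulnerable_command(**BAD))   # the "; id" suffix survives into the shell string
    print(review(GOOD))
    print(review(BAD))
```

Each returned list is intended to be passed to `subprocess.run(argv)` as-is, so no shell ever interprets the values.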

Affected Version(s)
Products: Zoom On-Premise Meeting Connector Controller, Zoom On-Premise Meeting Connector MMR, Zoom On-Premise Recording Connector, Zoom On-Premise Virtual Room Connector, Zoom On-Premise Virtual Room Connector Load Balancer

Zoom on-premise Meeting Connector before version 4.6.360.20210325
Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325
Zoom on-premise Recording Connector before version 3.8.44.20210326
Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326
Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326