Zoom Windows installation executable signature bypass
CVE-2021-34420

4.7MEDIUM

Key Information:

Vendor: Zoom
Status: Zoom Client For Meetings For Windows
Vendor: CVE Published:; 11 November 2021

What is CVE-2021-34420?

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer.

Affected Version(s)

Zoom Client for Meetings for Windows < 5.5.4

References

https://explore.zoom.us/en/trust/security/security-bulletin

x_refsource_MISC

https://medium.com/manomano-tech/a-red-team-operation-lev...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2021
Vulnerability Reserved
Jun 9, 2021

Credit

Laurent Delosieres of ManoMano