Unauthenticated Escalation of Privilege Vulnerability in Zoom Desktop Client for Windows
Key Information
- Status
- Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows
- Vendor
- CVE Published: 14 February 2024
Summary
A critical flaw, identified as CVE-2024-24691, was discovered in Zoom's desktop and mobile applications, particularly affecting the Windows software. Zoom addressed this vulnerability along with six others. CVE-2024-24691 is an improper input validation bug that allows an attacker with network access to achieve an escalation of privilege. Other vulnerabilities, such as CVE-2024-24697, also allow an escalation of privilege, and these issues can pose a significant security risk. Users are advised to promptly update their applications to the latest available versions to mitigate these vulnerabilities. No known exploitation of these vulnerabilities has been reported, and the company is working to ensure the security of its applications.
Affected Version(s)
Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows = see references
News Articles
Mitigate Zoom CVE-2024-24691
Mitigating Zoom CVE-2024-24691 using Regedit / Group Policy
9 months ago
Zoom Desktop Flaws Let Attackers Launch Privilege Escalation Attacks
Zoom has patched seven vulnerabilities in its desktop and mobile applications, particularly a critical flaw identified as CVE-2024-24691.
9 months ago
Zoom fixed critical flaw CVE-2024-24691 in Windows software
Zoom fixed 7 flaws in its desktop and mobile applications, including a critical bug (CVE-2024-24691) affecting the Windows software
9 months ago
CVSS V3.1
Timeline
From: null to: 9.6
- 🔥 Vulnerability reached the number 1 worldwide trending spot.
- Vulnerability started trending.
- Vulnerability published.
- First article discovered by securityonline.info.
- Vulnerability reserved.