Potential Escalation of Privilege via Local Access in Zoom Installer
CVE-2024-24694

7.8HIGH

Key Information:

Vendor

Zoom
Status
Zoom Desktop Client For Windows
Vendor
CVE Published:
9 April 2024

What is CVE-2024-24694?

An improper privilege management vulnerability exists in the installer of the Zoom Desktop Client for Windows, allowing an authenticated user to escalate privileges through local access. This issue, affecting versions prior to 5.17.10, could potentially enable unauthorized actions depending on the user's ability to execute the installer. It is crucial to apply the latest updates to mitigate this risk.

Affected Version(s)

Zoom Desktop Client for Windows Windows before version 5.17.10

References

https://www.zoom.com/en/trust/security-bulletin/zsb-24011/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-24694 : Potential Escalation of Privilege via Local Access in Zoom Installer