Privilege Escalation Vulnerability in Zoom Apps for Windows Installer
CVE-2024-27240

7.8HIGH

Key Information:

Vendor: Zoom
Status: Workplace Desktop; Workplace Virtual Desktop Infrastructure; Rooms
Vendor: CVE Published:; 15 July 2024

What is CVE-2024-27240?

Improper input validation in the installer for certain Zoom Apps on Windows platforms allows authenticated users to perform privilege escalation via local access. This vulnerability can pose significant risks as it may enable unauthorized access to elevated permissions, potentially compromising system integrity and data security. Users and administrators are encouraged to review their current installations of Zoom Apps and apply available security patches to mitigate this risk.

References

https://www.zoom.com/en/trust/security-bulletin/zsb-24019

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2024