Privilege Escalation Vulnerability in Zoom Apps for Windows Installer
CVE-2024-27240

7.8HIGH

Key Information:

Vendor

Zoom
Status
Workplace Desktop
Workplace Virtual Desktop Infrastructure
Rooms
Vendor
CVE Published:
15 July 2024

What is CVE-2024-27240?

Improper input validation in the installer for certain Zoom Apps on Windows platforms allows authenticated users to perform privilege escalation via local access. This vulnerability can pose significant risks as it may enable unauthorized access to elevated permissions, potentially compromising system integrity and data security. Users and administrators are encouraged to review their current installations of Zoom Apps and apply available security patches to mitigate this risk.

References

https://www.zoom.com/en/trust/security-bulletin/zsb-24019

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.
CVE-2024-27240 : Privilege Escalation Vulnerability in Zoom Apps for Windows Installer