Privilege escalation in Zoom Workplace Desktop App and Zoom Rooms Client for macOS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-42441 CVE-2024-42442 |
| CWE-ID | CWE-269 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Zoom Workplace Desktop App for macOS Client/Desktop applications / Office applications Zoom Rooms Client for macOS Client/Desktop applications / Office applications |
| Vendor | Zoom Video Communications, Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper privilege management
EUVDB-ID: #VU95822
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42441
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZoom Workplace Desktop App for macOS: 5.0.0 23186.0427 - 6.1.1 36333
Zoom Rooms Client for macOS: 5.0.0 2236.0426 - 6.1.2 6877
CPE2.3- cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.0.0:23186.0427:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.1.1:28575.0629:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.1.2:28648.0705:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_rooms_for_macos:5.0.0:2236.0426:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_rooms_for_macos:5.0.5:2542.0703:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_rooms_for_macos:5.1.2:2806.0821:*:*:*:*:*:*
https://www.zoom.com/en/trust/security-bulletin/ZSB-24034/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper privilege management
EUVDB-ID: #VU95823
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42442
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsZoom Workplace Desktop App for macOS: 5.0.0 23186.0427 - 6.1.1 36333
Zoom Rooms Client for macOS: 5.0.0 2236.0426 - 6.1.2 6877
CPE2.3- cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.0.0:23186.0427:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.1.1:28575.0629:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.1.2:28648.0705:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_rooms_for_macos:5.0.0:2236.0426:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_rooms_for_macos:5.0.5:2542.0703:*:*:*:*:*:*
- cpe:2.3:a:zoom_video_communications:zoom_rooms_for_macos:5.1.2:2806.0821:*:*:*:*:*:*
https://www.zoom.com/en/trust/security-bulletin/ZSB-24034/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
