Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-39818 |
CWE-ID | CWE-693 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Zoom Workplace App for iOS Mobile applications / Apps for mobile phones Zoom Workplace Desktop App for Linux Client/Desktop applications / Office applications Zoom Workplace Desktop App for Windows Client/Desktop applications / Office applications Zoom Workplace Desktop App for macOS Client/Desktop applications / Office applications Virtual Desktop Infrastructure (VDI) Server applications / Conferencing, Collaboration and VoIP solutions Zoom Meeting SDK for Windows Universal components / Libraries / Software for developers Zoom Meeting SDK for iOS Universal components / Libraries / Software for developers Zoom Meeting SDK for Android Universal components / Libraries / Software for developers Zoom Meeting SDK for macOS Universal components / Libraries / Software for developers Zoom Meeting SDK for Linux Universal components / Libraries / Software for developers |
Vendor | Zoom Video Communications, Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU105753
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-39818
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. A remote attacker can bypass implemented security restrictions and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsZoom Workplace App for iOS: 4.6.10 20012.0407 - 6.0.5 15390
Zoom Workplace Desktop App for Linux: 5.1.418436.0628 - 6.0.2 4680
Zoom Workplace Desktop App for Windows: 0.9.10042.0911 - 6.0.5 15390
Zoom Workplace Desktop App for macOS: 4.6.9 19273.0402 - 6.0.2 33403
Virtual Desktop Infrastructure (VDI): 5.17.5 24630 - 5.17.12.24920
Zoom Meeting SDK for Windows: 5.9.0 - 6.0.4
Zoom Meeting SDK for iOS: 5.9.0 - 6.0.2
Zoom Meeting SDK for Android: 5.9.0 - 6.0.2
Zoom Meeting SDK for macOS: 5.9.0 - 6.0.2
Zoom Meeting SDK for Linux: 5.15.5 - 6.0.2
CPE2.3https://www.zoom.com/en/trust/security-bulletin/zsb-24022
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to perform certain actions on the device.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.