Summary
New vulnerabilities, including one with a severity of “critical” and one with a severity of “high,” were discovered in some products related to the Zoom videoconferencing suite.
Risk
Estimate of the impact of the vulnerability on the reference community: HIGH/ORANGE (65.15/100)¹.
Type
- Privilege Escalation
Affected products and versions
Zoom
- Desktop Client for Windows, versions prior to 5.17.0
- VDI Client for Windows, versions prior to 5.17.5 (some versions are excluded; refer to the bulletins in the References section)
- Meeting SDK for Windows, versions prior to 5.17.0
- Rooms Client for Windows, versions prior to 5.17.0
Mitigation actions
In line with the vendor's statements, it is recommended to apply the available mitigations, following the instructions in the security bulletins linked in the References section.
Unique Vulnerability Identifiers
References
https://www.zoom.com/en/trust/security-bulletin/ZSB-24008
https://www.zoom.com/en/trust/security-bulletin/ZSB-24004
¹ This estimate takes several parameters into account, including: CVSS, availability of patches/workarounds and PoC, and how widespread the affected software/devices are in the reference community.