6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.
Recent assessments:
busterb at July 09, 2019 5:19pm UTC reported:
Possibly a source of other vulnerabilities in the internal webserver, worth a look at least to see if there is anything else that could be exploited.
Note, it appears that now there are private Zoom PoC’s exploiting the webserver for remote code execution, though this appears to require the user to have uninstalled Zoom first leaving the web server behind. This is likely due to something in the clawback reinstaller not validating or accepting an attacker-controlled resource for the installer binaries.
jrobles-r7 at July 09, 2019 1:21pm UTC reported:
Possibly a source of other vulnerabilities in the internal webserver, worth a look at least to see if there is anything else that could be exploited.
Note, it appears that now there are private Zoom PoC’s exploiting the webserver for remote code execution, though this appears to require the user to have uninstalled Zoom first leaving the web server behind. This is likely due to something in the clawback reinstaller not validating or accepting an attacker-controlled resource for the installer binaries.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 3
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N