Lucene search

[email protected]CVE-2018-15715

HistoryNov 30, 2018 - 8:29 p.m.

CVE-2018-15715

2018-11-3020:29:00

CWE-290

CWE-20

[email protected]

web.nvd.nist.gov

1688

zoom

cve-2018-15715

windows

mac os

linux

unauthorized message processing

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.

Affected configurations

NVD

Node

zoomzoomRange≤2.4.129780.0915linux

zoomzoomRange<4.1.34801.1116mac_os_x

zoomzoomRange<4.1.34814.1119windows

CPENameOperatorVersion
zoom:zoomzoomle2.4.129780.0915
zoom:zoomzoomlt4.1.34801.1116
zoom:zoomzoomlt4.1.34814.1119

CPE	Name	Operator	Version
zoom:zoom	zoom	le	2.4.129780.0915
zoom:zoom	zoom	lt	4.1.34801.1116
zoom:zoom	zoom	lt	4.1.34814.1119

CNA Affected

[
  {
    "product": "Zoom",
    "vendor": "Zoom",
    "versions": [
      {
        "status": "affected",
        "version": "Zoom on Windows before version 4.1.34814.1119, Zoom on Mac OS before version 4.1.34801.1116, Zoom on Linux version 2.4.129780.0915 and below."
      }
    ]
  }
]