Lucene search

[email protected]CVE-2021-30480

HistoryApr 09, 2021 - 11:15 p.m.

CVE-2021-30480

2021-04-0923:15:12

[email protected]

web.nvd.nist.gov

111

zoom chat

cve-2021-30480

remote code execution

security vulnerability

windows

macos

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

JSON

Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.

Affected configurations

NVD

Node

applemacosMatch-

microsoftwindowsMatch-

AND

zoomchatRange≤2021-04-09

CPENameOperatorVersion
zoom:chatzoom chatle2021-04-09

CPE	Name	Operator	Version
zoom:chat	zoom chat	le	2021-04-09

References

blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/zoom-zero-day-discovery-makes-calls-safer-hackers-200000-richer/

explore.zoom.us/en/trust/security/security-bulletin/

sector7.computest.nl/post/2021-08-zoom/

twitter.com/thezdi/status/1379855435730149378

twitter.com/thezdi/status/1379859851061395459

www.securityweek.com/200000-awarded-zero-click-zoom-exploit-pwn2own

www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/

www.zerodayinitiative.com/advisories/ZDI-21-971/

zoom.us/feature/messaging

Social References

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2021-30480

prion1 nessus1 cvelist1 kaspersky1 nvd2 cve1 openvas1