Nov 11, 2021 - 11:00 p.m.

CVE-2021-34417 Authenticated remote command execution with root privileges via web console in MMR

2021-11-11 23:00:03
Zoom
www.cve.org
Tags: cve-2021-34417, remote command execution, mmr, web portal, network proxy

CVSS3: 7.9

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score: 8.2
Confidence: High

EPSS: 0.001
Percentile: 50.0%

The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room Connector before version 4.4.6868.20210703, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5496.20210703 fails to validate input sent in requests to set the network proxy password. This could lead to remote command injection by a web portal administrator.

CNA Affected

[
  {
    "product": "Zoom On-Premise Meeting Connector Controller",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "4.6.365.20210703",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom On-Premise Meeting Connector MMR",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "4.6.365.20210703",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom On-Premise Recording Connector",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "3.8.45.20210703",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom On-Premise Virtual Room Connector",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "4.4.6868.20210703",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom On-Premise Virtual Room Connector Load Balancer",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "2.5.5496.20210703",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
