Lucene search

ZoomCVELIST:CVE-2024-27238

HistoryJul 15, 2024 - 5:20 p.m.

CVE-2024-27238 Zoom Apps and SDKs - Race Condition

2024-07-1517:20:39

CWE-367

Zoom

www.cve.org

zoom

race condition

windows

privilege escalation

cve-2024-27238

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

Percentile

9.3%

JSON

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Zoom Apps and SDKs",
    "vendor": "Zoom Communications, Inc",
    "versions": [
      {
        "status": "affected",
        "version": "before version 6.0.0"
      }
    ]
  }
]

References

www.zoom.com/en/trust/security-bulletin/zsb-24021

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

Percentile

9.3%

JSON

Related for CVELIST:CVE-2024-27238