Lucene search

ZoomCVELIST:CVE-2024-42440

HistoryAug 14, 2024 - 4:44 p.m.

CVE-2024-42440 Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management

2024-08-1416:44:46

CWE-269

Zoom

www.cve.org

zoom

macos

privilege management

escalation of privilege

installer

CVSS3

6.2

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MacOS"
    ],
    "product": "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS",
    "vendor": "Zoom Communications Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before version 6.1.5"
      }
    ]
  }
]

References

www.zoom.com/en/trust/security-bulletin/zsb-24034

CVSS3

6.2

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2024-42440