Lucene search

[email protected]NVD:CVE-2021-33907

HistorySep 27, 2021 - 2:15 p.m.

CVE-2021-33907

2021-09-2714:15:08

CWE-295

[email protected]

web.nvd.nist.gov

zoom

windows

update

vulnerability

remote code execution

certificate validation

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.9%

JSON

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context.

Affected configurations

Nvd

Node

zoommeetingsRange<5.3.0windows

VendorProductVersionCPE
zoommeetings*cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
zoom	meetings	*	cpe:2.3:a:zoom:meetings::::::windows::*

References

explore.zoom.us/en/trust/security/security-bulletin/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

74.9%

JSON

Related for NVD:CVE-2021-33907

kaspersky1 cvelist1 prion1 cve1 openvas1 nessus1