Lucene search

[email protected]NVD:CVE-2024-39825

HistoryAug 14, 2024 - 5:15 p.m.

CVE-2024-39825

2024-08-1417:15:15

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

buffer overflow

zoom

workplace apps

rooms clients

authenticated user

privilege escalation

network access

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.

Affected configurations

Nvd

Node

zoomroomsRange<6.0.0ipados

zoomroomsRange<6.0.0macos

zoomroomsRange<6.0.0windows

zoomworkplaceRange<6.0.0android

zoomworkplaceRange<6.0.0iphone_os

zoomworkplace_desktopRange<6.0.0linux

zoomworkplace_desktopRange<6.0.0macos

zoomworkplace_desktopRange<6.0.0windows

zoomworkplace_virtual_desktop_infrastructureRange<5.17.13windows

VendorProductVersionCPE
zoomrooms*cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*
zoomrooms*cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*
zoomrooms*cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
zoomworkplace*cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*
zoomworkplace*cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*
zoomworkplace_desktop*cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*
zoomworkplace_desktop*cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*
zoomworkplace_desktop*cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
zoomworkplace_virtual_desktop_infrastructure*cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
zoom	rooms	*	cpe:2.3:a:zoom:rooms::::::ipados::*
zoom	rooms	*	cpe:2.3:a:zoom:rooms::::::macos::*
zoom	rooms	*	cpe:2.3:a:zoom:rooms::::::windows::*
zoom	workplace	*	cpe:2.3:a:zoom:workplace::::::android::*
zoom	workplace	*	cpe:2.3:a:zoom:workplace::::::iphone_os::*
zoom	workplace_desktop	*	cpe:2.3:a:zoom:workplace_desktop::::::linux::*
zoom	workplace_desktop	*	cpe:2.3:a:zoom:workplace_desktop::::::macos::*
zoom	workplace_desktop	*	cpe:2.3:a:zoom:workplace_desktop::::::windows::*
zoom	workplace_virtual_desktop_infrastructure	*	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*

References

www.zoom.com/en/trust/security-bulletin/zsb-24022

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Related for NVD:CVE-2024-39825

cvelist1 vulnrichment1 cve1