CVE-2024-39825

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-39825
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.

8.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-24022 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*
cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*
History

04 Sep 2024, 21:34

Type Values Removed Values Added
CWE CWE-787
First Time Zoom
Zoom workplace Virtual Desktop Infrastructure
Zoom workplace Desktop
Zoom workplace
Zoom rooms
Summary
  • (es) El desbordamiento del búfer en algunas aplicaciones de Zoom Workplace y Rooms Clients puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.
CPE cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*
cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*
References () https://www.zoom.com/en/trust/security-bulletin/zsb-24022 - () https://www.zoom.com/en/trust/security-bulletin/zsb-24022 - Vendor Advisory

14 Aug 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-14 17:15

Updated : 2024-09-04 21:34

NVD link : CVE-2024-39825

Mitre link : CVE-2024-39825

CVE.ORG link : CVE-2024-39825

JSON object : View

Products Affected

zoom

  • rooms
  • workplace_virtual_desktop_infrastructure
  • workplace_desktop
  • workplace
CWE
CWE-787

Out-of-bounds Write

CWE-122

Heap-based Buffer Overflow