CVE-2024-45418

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-24040/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::*
	cpe:2.3:a:zoom:rooms::::::macos::*
	cpe:2.3:a:zoom:video_software_development_kit::::::macos::*
	cpe:2.3:a:zoom:workplace_desktop::::::macos::*

History

04 Mar 2025, 17:22

Type	Values Removed	Values Added
First Time		Zoom rooms Zoom workplace Desktop Zoom meeting Software Development Kit Zoom Zoom video Software Development Kit
References	~~() https://www.zoom.com/en/trust/security-bulletin/zsb-24040/ -~~	() https://www.zoom.com/en/trust/security-bulletin/zsb-24040/ - Vendor Advisory
CPE		cpe:2.3:a:zoom:rooms::::::macos::* cpe:2.3:a:zoom:video_software_development_kit::::::macos::* cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::* cpe:2.3:a:zoom:workplace_desktop::::::macos::*
Summary		(es) El enlace simbólico que sigue en el instalador de algunas aplicaciones de Zoom para macOS anteriores a la versión 6.1.5 puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.
CWE		CWE-59

25 Feb 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-25 20:15

Updated : 2025-03-04 17:22

NVD link : CVE-2024-45418

Mitre link : CVE-2024-45418

CVE.ORG link : CVE-2024-45418

JSON object : View

Products Affected

zoom

meeting_software_development_kit
workplace_desktop
video_software_development_kit
rooms

CWE

CWE-61

UNIX Symbolic Link (Symlink) Following

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2024-45418", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zoom.us", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-02-25T20:15:35.223", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24040/", "tags": ["Vendor Advisory"], "source": "security@zoom.us"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zoom.us", "description": [{"lang": "en", "value": "CWE-61"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access."}, {"lang": "es", "value": "El enlace simb\u00f3lico que sigue en el instalador de algunas aplicaciones de Zoom para macOS anteriores a la versi\u00f3n 6.1.5 puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso a la red."}], "lastModified": "2025-03-04T17:22:39.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "93A03433-CCF8-4E19-89B4-18368847FB8F", "versionEndExcluding": "6.1.5"}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "66BFFFB3-351E-43CE-B005-D24AB48B9584", "versionEndExcluding": "6.1.5"}, {"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "9B503B69-9BC0-4B91-BED9-0F2B5ACC0EC4", "versionEndExcluding": "6.1.5"}, {"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF", "versionEndExcluding": "6.1.5"}], "operator": "OR"}]}], "sourceIdentifier": "security@zoom.us"}