CVE-2024-45426

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45426
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-24038/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*
History

04 Mar 2025, 20:42

Type Values Removed Values Added
References () https://www.zoom.com/en/trust/security-bulletin/zsb-24038/ - () https://www.zoom.com/en/trust/security-bulletin/zsb-24038/ - Vendor Advisory
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*
cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*
cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*
Summary
  • (es) La asignación de propiedad incorrecta en algunas aplicaciones de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.
First Time Zoom rooms
Zoom workplace
Zoom workplace Desktop
Zoom meeting Software Development Kit
Zoom
Zoom workplace Virtual Desktop Infrastructure
Zoom rooms Controller

25 Feb 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-25 20:15

Updated : 2025-03-04 20:42

NVD link : CVE-2024-45426

Mitre link : CVE-2024-45426

CVE.ORG link : CVE-2024-45426

JSON object : View

Products Affected

zoom

  • workplace
  • meeting_software_development_kit
  • workplace_desktop
  • rooms_controller
  • rooms
  • workplace_virtual_desktop_infrastructure
CWE
CWE-708

Incorrect Ownership Assignment

NVD-CWE-noinfo