Zoom Workplace Apps and SDKs - Improper Privilege Management

Bulletin: ZSB-24026
CVEID: CVE-2024-39819
CVSS Severity: Medium
CVSS Score: 6.7
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Description:

Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace Desktop App for Windows before version 6.0.10
Zoom Rooms App for Windows before version 5.17.13
Zoom Meeting SDK for Windows before version 6.0.10

Source:

Reported by sim0nsecurity.

Revision	Date	Description
1.1	07/11/2024	Updated description to include installer.
1.0	07/09/2024	Initial publication.

Zoom Workplace Apps and SDKs - Improper Privilege Management

Subscribe for updates