Vulnerabilites related to Zoom Communications Inc. - Zoom Workplace Apps and Rooms Clients
CVE-2024-39825 (GCVE-0-2024-39825)
Vulnerability from cvelistv5
Published
2024-08-14 16:34
Modified
2024-08-16 13:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps and Rooms Clients |
Version: see references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*",
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_app",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vdi_windows_meeting_client",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*",
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_app",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vdi_windows_meeting_client",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T04:01:49.345375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:28:41.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps and Rooms Clients",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:34:53.595Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24022"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps and Rooms Clients - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39825",
"datePublished": "2024-08-14T16:34:53.595Z",
"dateReserved": "2024-06-28T19:43:03.520Z",
"dateUpdated": "2024-08-16T13:28:41.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}