Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for Zoom Client for Meetings for MacOS (Standard and for IT Admin) by Zoom Video Communications Inc
CVE-2022-22781 (GCVE-0-2022-22781)
Vulnerability from nvd – Published: 2022-04-28 14:59 – Updated: 2024-09-16 21:03
VLAI?
Title
Update package downgrade in Zoom Client for Meetings for MacOS
Summary
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version.
Severity ?
7.5 (High)
CWE
- Use of Less Trusted Source
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Client for Meetings for MacOS (Standard and for IT Admin) |
Affected:
unspecified , < 5.9.6
(custom)
|
Date Public ?
2022-04-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Client for Meetings for MacOS (Standard and for IT Admin)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.9.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Patrick Wardle of Objective-See"
}
],
"datePublic": "2022-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user\u2019s currently installed version to a less secure version."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Less Trusted Source",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T14:59:42.000Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "USER"
},
"title": "Update package downgrade in Zoom Client for Meetings for MacOS",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Zoom Video Communications Inc",
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2022-04-27T12:00:00.000Z",
"ID": "CVE-2022-22781",
"STATE": "PUBLIC",
"TITLE": "Update package downgrade in Zoom Client for Meetings for MacOS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings for MacOS (Standard and for IT Admin)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.9.6"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Patrick Wardle of Objective-See"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user\u2019s currently installed version to a less secure version."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Less Trusted Source"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-22781",
"datePublished": "2022-04-28T14:59:42.884Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:03:45.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34409 (GCVE-0-2021-34409)
Vulnerability from nvd – Published: 2021-09-27 13:55 – Updated: 2024-09-16 23:46
VLAI?
Title
Zoom Client Installer Local Privilege Escalation
Summary
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.
Severity ?
7.8 (High)
CWE
- Creation of Temporary File in Directory with Insecure Permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Client for Meetings for MacOS (Standard and for IT Admin) |
Affected:
unspecified , < 5.2.0
(custom)
|
||||||||||||
|
||||||||||||||
Date Public ?
2021-12-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Client for Meetings for MacOS (Standard and for IT Admin)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Client Plugin for Sharing iPhone/iPad",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Rooms for Conference",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lockheed Martin Red Team"
}
],
"datePublic": "2021-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user\u0027s machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-14T19:28:13.000Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"source": {
"discovery": "USER"
},
"title": "Zoom Client Installer Local Privilege Escalation",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Zoom Communications Inc",
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2021-12-14T15:00:00.000Z",
"ID": "CVE-2021-34409",
"STATE": "PUBLIC",
"TITLE": "Zoom Client Installer Local Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings for MacOS (Standard and for IT Admin)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.2.0"
}
]
}
},
{
"product_name": "Zoom Client Plugin for Sharing iPhone/iPad",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.2.0"
}
]
}
},
{
"product_name": "Zoom Rooms for Conference",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.1.0"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lockheed Martin Red Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user\u0027s machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Creation of Temporary File in Directory with Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://explore.zoom.us/en/trust/security/security-bulletin",
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2021-34409",
"datePublished": "2021-09-27T13:55:40.225Z",
"dateReserved": "2021-06-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:46:09.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22781 (GCVE-0-2022-22781)
Vulnerability from cvelistv5 – Published: 2022-04-28 14:59 – Updated: 2024-09-16 21:03
VLAI?
Title
Update package downgrade in Zoom Client for Meetings for MacOS
Summary
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version.
Severity ?
7.5 (High)
CWE
- Use of Less Trusted Source
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Client for Meetings for MacOS (Standard and for IT Admin) |
Affected:
unspecified , < 5.9.6
(custom)
|
Date Public ?
2022-04-27 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Client for Meetings for MacOS (Standard and for IT Admin)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.9.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Patrick Wardle of Objective-See"
}
],
"datePublic": "2022-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user\u2019s currently installed version to a less secure version."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Less Trusted Source",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T14:59:42.000Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "USER"
},
"title": "Update package downgrade in Zoom Client for Meetings for MacOS",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Zoom Video Communications Inc",
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2022-04-27T12:00:00.000Z",
"ID": "CVE-2022-22781",
"STATE": "PUBLIC",
"TITLE": "Update package downgrade in Zoom Client for Meetings for MacOS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings for MacOS (Standard and for IT Admin)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.9.6"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Patrick Wardle of Objective-See"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user\u2019s currently installed version to a less secure version."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Less Trusted Source"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-22781",
"datePublished": "2022-04-28T14:59:42.884Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:03:45.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34409 (GCVE-0-2021-34409)
Vulnerability from cvelistv5 – Published: 2021-09-27 13:55 – Updated: 2024-09-16 23:46
VLAI?
Title
Zoom Client Installer Local Privilege Escalation
Summary
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.
Severity ?
7.8 (High)
CWE
- Creation of Temporary File in Directory with Insecure Permissions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Zoom Video Communications Inc | Zoom Client for Meetings for MacOS (Standard and for IT Admin) |
Affected:
unspecified , < 5.2.0
(custom)
|
||||||||||||
|
||||||||||||||
Date Public ?
2021-12-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom Client for Meetings for MacOS (Standard and for IT Admin)",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Client Plugin for Sharing iPhone/iPad",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Rooms for Conference",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lockheed Martin Red Team"
}
],
"datePublic": "2021-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user\u0027s machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-14T19:28:13.000Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"source": {
"discovery": "USER"
},
"title": "Zoom Client Installer Local Privilege Escalation",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Zoom Communications Inc",
"ASSIGNER": "security@zoom.us",
"DATE_PUBLIC": "2021-12-14T15:00:00.000Z",
"ID": "CVE-2021-34409",
"STATE": "PUBLIC",
"TITLE": "Zoom Client Installer Local Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom Client for Meetings for MacOS (Standard and for IT Admin)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.2.0"
}
]
}
},
{
"product_name": "Zoom Client Plugin for Sharing iPhone/iPad",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.2.0"
}
]
}
},
{
"product_name": "Zoom Rooms for Conference",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.1.0"
}
]
}
}
]
},
"vendor_name": "Zoom Video Communications Inc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lockheed Martin Red Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user\u0027s machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Creation of Temporary File in Directory with Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://explore.zoom.us/en/trust/security/security-bulletin",
"refsource": "MISC",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2021-34409",
"datePublished": "2021-09-27T13:55:40.225Z",
"dateReserved": "2021-06-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:46:09.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}