Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Zoom Workplace VDI App for Windows by Zoom Video Communications, Inc.
CVE-2024-27244 (GCVE-0-2024-27244)
Vulnerability from nvd – Published: 2024-05-15 20:46 – Updated: 2024-09-20 14:31
VLAI
Title
Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity
Summary
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Workplace VDI App for Windows |
Affected:
< 5.17.10
|
|
| zoom | vdi_windows_meeting_client |
Affected:
0 , < 5.17.10
(custom)
cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:* |
Date Public
2024-05-14 12:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vdi_windows_meeting_client",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T17:29:39.718000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:21:25.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24015/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace VDI App for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "\u003c 5.17.10"
}
]
}
],
"datePublic": "2024-05-14T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eInsufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:31:59.382Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24015/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-27244",
"datePublished": "2024-05-15T20:46:37.922Z",
"dateReserved": "2024-02-21T21:15:32.633Z",
"dateUpdated": "2024-09-20T14:31:59.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27244 (GCVE-0-2024-27244)
Vulnerability from cvelistv5 – Published: 2024-05-15 20:46 – Updated: 2024-09-20 14:31
VLAI
Title
Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity
Summary
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Workplace VDI App for Windows |
Affected:
< 5.17.10
|
|
| zoom | vdi_windows_meeting_client |
Affected:
0 , < 5.17.10
(custom)
cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:* |
Date Public
2024-05-14 12:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vdi_windows_meeting_client",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T17:29:39.718000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:21:25.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24015/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace VDI App for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "\u003c 5.17.10"
}
]
}
],
"datePublic": "2024-05-14T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eInsufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:31:59.382Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24015/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-27244",
"datePublished": "2024-05-15T20:46:37.922Z",
"dateReserved": "2024-02-21T21:15:32.633Z",
"dateUpdated": "2024-09-20T14:31:59.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}