Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Zoom Workplace VDI App for Windows by Zoom Video Communications, Inc.

    CVE-2024-27244 (GCVE-0-2024-27244)

    Vulnerability from nvd – Published: 2024-05-15 20:46 – Updated: 2024-09-20 14:31
    VLAI
    Title
    Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity
    Summary
    Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Video Communications, Inc. Zoom Workplace VDI App for Windows Affected: < 5.17.10
    Create a notification for this product.
    zoom vdi_windows_meeting_client Affected: 0 , < 5.17.10 (custom)
        cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-14 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vdi_windows_meeting_client",
                "vendor": "zoom",
                "versions": [
                  {
                    "lessThan": "5.17.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-16T17:29:39.718000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T15:21:25.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:27:59.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24015/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Workplace VDI App for Windows",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 5.17.10"
                }
              ]
            }
          ],
          "datePublic": "2024-05-14T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eInsufficient verification of data authenticity in the installer for Zoom Workplace  VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insufficient verification of data authenticity in the installer for Zoom Workplace  VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-20T14:31:59.382Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24015/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-27244",
        "datePublished": "2024-05-15T20:46:37.922Z",
        "dateReserved": "2024-02-21T21:15:32.633Z",
        "dateUpdated": "2024-09-20T14:31:59.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-27244 (GCVE-0-2024-27244)

    Vulnerability from cvelistv5 – Published: 2024-05-15 20:46 – Updated: 2024-09-20 14:31
    VLAI
    Title
    Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity
    Summary
    Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Video Communications, Inc. Zoom Workplace VDI App for Windows Affected: < 5.17.10
    Create a notification for this product.
    zoom vdi_windows_meeting_client Affected: 0 , < 5.17.10 (custom)
        cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-14 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:zoom:vdi_windows_meeting_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vdi_windows_meeting_client",
                "vendor": "zoom",
                "versions": [
                  {
                    "lessThan": "5.17.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-16T17:29:39.718000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T15:21:25.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:27:59.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24015/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zoom Workplace VDI App for Windows",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 5.17.10"
                }
              ]
            }
          ],
          "datePublic": "2024-05-14T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eInsufficient verification of data authenticity in the installer for Zoom Workplace  VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insufficient verification of data authenticity in the installer for Zoom Workplace  VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-20T14:31:59.382Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24015/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-27244",
        "datePublished": "2024-05-15T20:46:37.922Z",
        "dateReserved": "2024-02-21T21:15:32.633Z",
        "dateUpdated": "2024-09-20T14:31:59.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }