Thursday September 19, 2024

Advisory ID: ngCERT-2024-0002

Summary: A critical vulnerability (CVE-2023-49647) has been identified in Zoom products, exposing the potential for threat actors to exploit it for activities such as denial of service, privilege escalation and unauthorized disclosure of sensitive information on impacted systems. This jeopardizes the confidentiality and integrity of Zoom sessions and user data, underscoring the urgency to implement essential measures to effectively mitigate this threat.

Damage/Probability: CRITICAL/HIGH

Description: The identified vulnerability in Zoom products is due to improper authentication, path traversal, improper access control and cryptographic weaknesses. Precisely, an Improper Access Control vulnerability exists in Zoom Desktop Client, Zoom VDI Client, and Zoom SDKs for Windows. The vulnerability allows an unauthenticated user to conduct an escalation of privilege via local access, potentially leading to unauthorized actions such as modifying system settings, installing malware, or accessing sensitive data. Some of the affected products identified include:

  • Zoom Desktop Client for Windows before version 16.10
  • VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 15.12)
  • Zoom Video SDK for Windows before version 16.10
  • Zoom Meeting SDK for Windows before version 16.10

Consequences: Successful exploitation of this vulnerability could result in the following:

  • Data Exfiltration
  • Execution of malware on systems
  • Launch of DoS or DDoS
  • Further compromise of individuals or organizations

Solution: Users can help keep themselves secure by upgrading to version 5.16.10, which eliminates this vulnerability, or by downloading the latest Zoom software with all current security updates from https://zoom.us/download.
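To act on this solution at scale, an administrator needs to find every host still running an affected build. The following Python script is an added example, not ngCERT's or Zoom's own tooling: it applies the advisory's affected-version rules (below 5.16.10 for the listed Windows products, with the VDI Client maintenance releases the advisory excludes) to a constructed software inventory and returns the hosts that still need the upgrade. Two readings are assumptions: the affected-product list prints "16.10" and the example reads it as 5.16.10 per the Solution section, and the VDI exclusion printed as "15.12" is read as 5.15.12. The inventory records, hostnames and version strings are constructed for the example; in practice they would come from an endpoint-management export.

```python
import re
from typing import List, NamedTuple, Tuple

# Fixed version taken from the advisory's Solution section. The affected-product
# list prints "16.10"; this example reads that as 5.16.10 (an assumption).
FIXED_VERSION = "5.16.10"

# VDI Client releases the advisory excludes as already patched. The advisory
# writes the second one as "15.12"; reading it as 5.15.12 is an assumption.
VDI_EXCLUDED = {"5.14.14", "5.15.12"}

AFFECTED_PRODUCTS = {
    "Zoom Desktop Client",
    "Zoom VDI Client",
    "Zoom Video SDK",
    "Zoom Meeting SDK",
}


class Finding(NamedTuple):
    host: str
    product: str
    version: str
    affected: bool
    reason: str


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.16.10 (25689)' into (5, 16, 10, 25689) so tuples compare numerically.
    A plain string comparison would wrongly rank '5.9.3' above '5.16.10'."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> Tuple[bool, str]:
    """Apply the advisory's affected-version rules to one installed product."""
    if product not in AFFECTED_PRODUCTS:
        return False, "product not listed in advisory"
    installed = parse_version(version)
    if installed >= parse_version(FIXED_VERSION):
        return False, f"at or above fixed version {FIXED_VERSION}"
    excluded = {parse_version(v) for v in VDI_EXCLUDED}
    if product == "Zoom VDI Client" and installed[:3] in excluded:
        return False, "patched VDI maintenance release excluded by advisory"
    return True, f"below fixed version {FIXED_VERSION}"


def triage(inventory: List[Tuple[str, str, str]]) -> List[Finding]:
    """Evaluate (host, product, version) records and return one Finding each."""
    return [
        Finding(host, product, version, *is_affected(product, version))
        for host, product, version in inventory
    ]


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = [
    ("WS-01", "Zoom Desktop Client", "5.15.7 (20303)"),
    ("WS-02", "Zoom Desktop Client", "5.16.10 (25689)"),
    ("WS-03", "Zoom Desktop Client", "5.9.3 (7099)"),
    ("VDI-01", "Zoom VDI Client", "5.14.14"),
    ("VDI-02", "Zoom VDI Client", "5.14.12"),
    ("DEV-01", "Zoom Meeting SDK", "5.13.0"),
    ("WS-04", "Microsoft Teams", "1.6.00.4472"),
]


def affected_hosts(inventory=SAMPLE_INVENTORY) -> List[str]:
    """Hostnames that still need the upgrade, ready for a patch job or ticket."""
    return [f.host for f in triage(inventory) if f.affected]


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        flag = "AFFECTED" if f.affected else "ok      "
        print(f"{flag} {f.host:7} {f.product:20} {f.version:18} {f.reason}")
```

The numeric tuple comparison is the part worth copying: version strings sorted lexically put 5.9.x after 5.16.x and would silently miss vulnerable hosts, and the build number in parentheses is kept as a fourth component so "5.16.10 (25689)" still counts as fixed.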

References: