Critical Zoom Clients Flaw Let Attackers Escalate Privileges – CybersecurityNews

A vulnerability classified as improper input validation was found in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows that could potentially allow an authenticated attacker to gain access to sensitive information on the system through the network. 
Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows contains a critical privilege escalation vulnerability (CVE-2024-24691) with a CVSS score of 9.6. 
According to the findings of Zoom Offensive Security, the vulnerability is extremely serious and may be exploited with a relatively simple level of complexity. 
The CVSS vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) provides more information about the vulnerability, including the fact that an unauthenticated attacker with low privileges can remotely exploit it and that it has a significant impact on the system’s confidentiality, integrity, and availability.
It stems from the application’s failure to validate user inputs, and malicious actors properly can exploit this weakness by sending specially crafted data packets over the network. 
Suppose the application processes this data without proper validation. In that case, it can trigger unintended actions and potentially allow attackers to escalate their privileges, which could grant attackers complete control over the compromised system. 
With this level of access, attackers could steal sensitive data, install malicious software, disrupt critical operations, or even use the compromised system as a launchpad for further attacks.
Zoom warns users of a critical vulnerability (CVE-2024-24691) in Zoom Desktop Client and Zoom VDI Client for Windows. Versions prior to 5.16.5 for Desktop Client and those before 5.16.10 for VDI Client (excluding specific exceptions) are susceptible. 
It allows unauthenticated attackers on the network to escalate privileges, potentially compromising the entire system, as an immediate upgrade to versions 5.16.5 (Desktop) or 5.16.10 (VDI, excluding the mentioned exceptions) is essential using the link
Zoom also identified a critical vulnerability (CVE-2024-24691) in the Zoom Rooms Client for Windows versions older than 5.17.0 and the Zoom Meeting SDK for Windows versions before 5.16.5. 
Vulnerability originates from search pathways that cannot be trusted, rendering it possible for malicious actors on the network to execute code that is not authorized. 
It is severe because it grants attackers the ability to take complete control of affected systems, potentially leading to data breaches, malware installations, or disruptions to critical Zoom functionalities.
With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *