Security Bulletin
Severity: Medium
CVSS Score: 5.7
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Description: A vulnerability affected the share-screen functionality of the Zoom Windows and Linux Clients when sharing individual application windows: the screen contents of applications not explicitly shared by the screen-sharing user may be seen by other meeting participants for a brief moment if the “sharer” is minimizing, maximizing, or closing another window.
Zoom introduced several new security mitigations in Zoom Windows Client version 5.6 that reduce the possibility of this issue occurring for Windows users. We are continuing to work on additional measures to resolve this issue across all affected platforms.
Zoom also resolved the issue for Ubuntu users on March 1, 2020 in Zoom Linux Client version 5.5.4. Users can apply current updates or download the latest Zoom software with all current security updates from https://zoom.us/download.
Affected Products:
- All Windows Zoom Client versions
- Linux Zoom Client versions prior to 5.5.4 on Ubuntu
- All Linux Client versions on other supported distributions
Source: Discovered by Michael Stramez and Matthias Deeg.
Severity: High
CVSS Score: Base: 7.8
CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description: A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service could allow a local Windows user to escalate privileges to those of the NT AUTHORITY\SYSTEM user.
The vulnerability is due to insufficient signature checks of dynamically loaded DLLs when loading a signed executable. An attacker could exploit this vulnerability by injecting a malicious DLL into a signed Zoom executable and using it to launch processes with elevated permissions.
Zoom addressed this issue in the 5.0.4 client release. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
Affected Products:
- Zoom Windows installer (ZoomInstallerFull.msi) versions prior to 5.0.4
Source: Connor Scott of Context Information Security
Severity: High
CVSS Score: Base: 8.4
CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Description: A vulnerability in how the Zoom Windows installer handles junctions when deleting files could allow a local Windows user to delete files otherwise not deletable by the user.
The vulnerability is due to insufficient checking for junctions in the directory from which the installer deletes files, which is writable by standard users. A malicious local user could exploit this vulnerability by creating a junction in the affected directory that points to protected system files or other files to which the user does not have permissions. Upon running the Zoom Windows installer with elevated permissions, as is the case when it is run through managed deployment software, those files would get deleted from the system.
Zoom addressed this issue in the 4.6.10 client release. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
Affected Products:
- Zoom Windows installer (ZoomInstallerFull.msi) versions prior to 4.6.10
Source: Thanks to the Lockheed Martin Red Team.
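A defender's counterpart to the missing junction check this bulletin describes, written as an added example rather than Zoom installer code: before deleting anything from a directory that standard users can write to, refuse to follow junctions and symlinks, and remove a link as a link instead of acting on its target. Windows junctions are reparse points, which Python exposes through `st_file_attributes` on an `lstat` result; on POSIX the demo uses symlinks as the portable analogue. The `demo()` scenario, its directory names and file contents are constructed for the example.

```python
import os
import shutil
import stat
import tempfile


def is_link(path):
    """True if `path` itself is a symbolic link or, on Windows, any reparse
    point (a directory junction is a reparse point). lstat never follows it."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # present on Windows only
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)


def remove_link(path):
    """Remove the link object itself; its target is never touched."""
    try:
        os.unlink(path)
    except OSError:
        os.rmdir(path)  # Windows directory symlinks and junctions go through rmdir


def safe_delete_tree(root):
    """Delete the contents of `root` without following any junction or symlink.

    Returns (deleted, links): regular files/directories removed, and the link
    paths removed as links, which is worth writing to an audit log.
    """
    if is_link(root):
        raise PermissionError(f"refusing to operate on a link: {root}")
    deleted, links = [], []

    def recurse(directory):
        with os.scandir(directory) as it:
            entries = list(it)  # materialise before mutating the directory
        for entry in entries:
            path = entry.path
            if is_link(path):                        # checked before is_dir()
                remove_link(path)
                links.append(path)
            elif entry.is_dir(follow_symlinks=False):
                recurse(path)
                os.rmdir(path)
                deleted.append(path)
            else:
                os.unlink(path)
                deleted.append(path)

    recurse(root)
    return deleted, links


def demo():
    """Constructed scenario: a staging directory that a standard user could
    write to contains links pointing outside it, at a 'protected' file and at
    the parent directory. Symlinks stand in for junctions on POSIX."""
    base = tempfile.mkdtemp()
    protected = os.path.join(base, "protected.txt")
    with open(protected, "w") as f:
        f.write("must survive\n")
    staging = os.path.join(base, "staging")
    os.makedirs(os.path.join(staging, "sub"))
    with open(os.path.join(staging, "sub", "old.log"), "w") as f:
        f.write("stale\n")
    os.symlink(protected, os.path.join(staging, "trap"))   # file link
    os.symlink(base, os.path.join(staging, "trapdir"))     # directory link
    deleted, links = safe_delete_tree(staging)
    result = {
        "protected_survives": os.path.exists(protected),
        "staging_empty": os.listdir(staging) == [],
        "deleted": len(deleted),
        "links": len(links),
    }
    shutil.rmtree(base)
    return result


if __name__ == "__main__":
    print(demo())
```

A check-then-delete sequence still leaves a window in which a link could be swapped in between the `lstat` and the `unlink`, so this belongs alongside the stronger fixes: an elevated installer should avoid deleting from user-writable locations altogether, or delete through handles opened with reparse-point-safe flags (FILE_FLAG_OPEN_REPARSE_POINT on Windows, O_NOFOLLOW on POSIX). The returned `links` list is worth logging, since a junction appearing in an installer's staging directory is a detection signal in its own right.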
Severity: High
CVSS Score: Base: 7.5
CVSS Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description: A vulnerability in the Zoom MacOS client could allow an attacker to download malicious software to a victim's device.
The vulnerability is due to improper input validation and improper validation of downloaded software in the ZoomOpener helper application. An attacker could exploit the vulnerability to prompt a victim's device to download files on the attacker's behalf. A successful exploit is only possible if the victim previously uninstalled the Zoom Client.
Zoom addressed this issue in the 4.4.52595.0425 client release. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
Affected Products:
- Zoom MacOS client prior to version 4.4.52595.0425 and after version 4.1.27507.0627
Source: Unknown.
Severity: Low
CVSS Score: Base: 3.1
CVSS Vector String: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Description: A vulnerability in the MacOS Zoom and RingCentral clients could allow a remote, unauthenticated attacker to force a user to join a video call with the video camera active.
The vulnerability is due to insufficient authorization controls to check which systems may communicate with the local Zoom Web server running on port 19421. An attacker could exploit this vulnerability by creating a malicious website that causes the Zoom client to automatically join a meeting set up by the attacker.
Zoom implemented a new Video Preview dialog that is presented to the user before joining a meeting in Client version 4.4.5 published July 14, 2019. This dialog enables the user to join the meeting with or without video enabled and requires the user to set their desired default behavior for video. Zoom urges customers to install the latest Zoom Client release available at https://zoom.us/download.
Affected Products:
- Zoom MacOS Client prior to version 4.4.5
- RingCentral MacOS client prior to version 4.4.5
Source: Discovered by Jonathan Leitschuh.
Severity: Low
CVSS Score: Base: 3.1
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Description: A vulnerability in the MacOS Zoom client could allow a remote, unauthenticated attacker to trigger a denial-of-service condition on a victim's system.
The vulnerability is due to insufficient authorization controls to check which systems may communicate with the local Zoom Web server running on port 19421. An attacker could exploit this vulnerability by creating a malicious website that causes the Zoom client to repeatedly try to join a meeting with an invalid meeting ID. The infinite loop causes the Zoom client to become inoperative and can impact performance of the system on which it runs.
Zoom released version 4.4.2-hotfix of the MacOS client on April 28, 2019 to address the issue.
Affected Products:
- Zoom MacOS Client prior to version 4.4.5
- RingCentral MacOS client prior to version 4.4.5
Source: Discovered by Jonathan Leitschuh.
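Both bulletins above share one root cause: a web server listening on localhost (port 19421 here) accepted requests from whatever site the user's browser happened to be rendering. The following is an added example, not Zoom's helper code, of a localhost policy that denies by default: it allows only an allowlisted web origin that also presents a per-installation token, rejects malformed meeting IDs up front, and bounds join attempts so a page cannot drive the client into a retry loop. The `/join` endpoint, the `X-Helper-Token` header, the origin allowlist, the 9-to-11-digit meeting-ID shape and the rate limits are all assumptions made for the example.

```python
import re
import secrets
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Assumptions made for this example, not Zoom's actual policy:
ALLOWED_ORIGINS = {"https://zoom.us", "https://www.zoom.us"}  # origins allowed to drive the helper
MEETING_ID_RE = re.compile(r"^[0-9]{9,11}$")                  # assumed meeting-ID shape
MAX_JOINS, WINDOW_SECONDS = 3, 60                             # join attempts allowed per window


class LocalHelperPolicy:
    """Authorization and abuse controls for an HTTP helper bound to 127.0.0.1."""

    def __init__(self, token, now=time.monotonic):
        self.token = token   # per-installation secret provisioned out of band (assumed)
        self.now = now
        self.join_times = []

    def authorize(self, headers):
        """Return (ok, reason). Deny by default: any page the user's browser
        renders can make that browser send requests to localhost."""
        origin = headers.get("Origin")
        if origin is None:
            # Navigations and <img>/<iframe> loads from a hostile page arrive
            # without an Origin; they must not be able to drive the client.
            return False, "missing Origin header"
        if origin not in ALLOWED_ORIGINS:
            return False, f"origin not allowed: {origin}"
        if headers.get("X-Helper-Token") != self.token:
            return False, "bad or missing token"
        return True, "ok"

    def join(self, headers, meeting_id):
        """Return the HTTP status for a join request."""
        ok, _reason = self.authorize(headers)
        if not ok:
            return 403
        if not MEETING_ID_RE.match(meeting_id or ""):
            return 400  # reject a malformed ID up front instead of retrying it forever
        t = self.now()
        self.join_times = [x for x in self.join_times if t - x < WINDOW_SECONDS]
        if len(self.join_times) >= MAX_JOINS:
            return 429  # a page cannot spin the client in a join loop
        self.join_times.append(t)
        return 200


class Handler(BaseHTTPRequestHandler):
    policy = None  # assigned by serve()

    def do_GET(self):
        url = urlparse(self.path)
        if url.path != "/join":  # assumed endpoint name
            self.send_error(404)
            return
        meeting_id = parse_qs(url.query).get("id", [""])[0]
        self.send_response(self.policy.join(self.headers, meeting_id))
        self.end_headers()


def serve(token, port=19421):
    """Run the helper on the loopback interface only."""
    Handler.policy = LocalHelperPolicy(token)
    HTTPServer(("127.0.0.1", port), Handler).serve_forever()


if __name__ == "__main__":
    serve(secrets.token_urlsafe(32))
```

The custom header matters: a browser will not attach `X-Helper-Token` to a cross-origin request without a CORS preflight that the server must explicitly approve, so a hostile page cannot forge it, and a plain image or frame load carries no Origin at all and is refused. Rejecting a malformed ID with 400 before any join attempt, rather than retrying it, is what closes the denial-of-service variant.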
Severity: Low
CVSS Score: 7.4
CVSS Vector String: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/CR:X/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X
Description: A vulnerability in the Zoom client could allow a remote, unauthenticated attacker to control meeting functionality such as ejecting meeting participants, sending chat messages, and controlling participant microphone muting. If the attacker was also a valid participant in the meeting and another participant was sharing their desktop screen, the attacker could also take control of that participant’s keyboard and mouse.
The vulnerability is due to the fact that Zoom's internal messaging pump dispatched both client User Datagram Protocol (UDP) and server Transmission Control Protocol (TCP) messages to the same message handler. An attacker can exploit this vulnerability to craft and send UDP packets which get interpreted as messages processed from the trusted TCP channel used by authorized Zoom servers.
Zoom released client updates to address this security vulnerability. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
Affected Products:
- Windows clients before version 4.1.34460.1105
- Mac clients before version 4.1.34475.1105
- Linux clients before version 2.5.146186.1130
- iOS clients before version 4.1.18 (4460.1105)
- Android clients before version 4.1.34489.1105
- Chrome clients before version 3.3.1635.1130
- Windows Zoom Room clients before version 4.1.6 (35121.1201)
- Mac Zoom Room clients before version 4.1.7 (35123.1201)
- Chrome Zoom Room clients before version 3.6.2895.1130
- Windows Zoom SDK before version 4.1.30384.1029
- Mac Zoom SDK before version 4.1.34180.1026
- iOS Zoom SDK before version 4.1.34076.1024
- Android Zoom SDK before version 4.1.34082.1024
- Zoom Virtual Room Connectors before version 4.1.4813.1201
- Zoom Meeting Connectors before version 4.3.135059.1129
- Zoom Recording Connectors before version 3.6.58865.1130
- The Zoom Cloud Skype for Business Connector was updated on 12/1/2018
- The Zoom Cloud Conference Room Connector was updated on 12/6/2018
Source: David Wells from Tenable.
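The root cause above is a dispatch key that ignored which transport a message arrived on. As an added example (not Zoom's code; the message kinds, transports and traffic are constructed for the demo), here are the flawed and hardened shapes side by side: the first pump routes on message kind alone, the second makes the transport part of the decision, so control messages are honoured only from the authenticated server channel and anything else is dropped and counted.

```python
from dataclasses import dataclass
from enum import Enum


class Transport(Enum):
    TCP_SERVER = "tcp"  # authenticated connection to the meeting server
    UDP_PEER = "udp"    # unauthenticated datagrams used for media


@dataclass(frozen=True)
class Message:
    transport: Transport
    kind: str
    payload: dict


# Constructed message kinds for the demo. Control kinds change meeting state
# and must only ever originate from the server channel.
CONTROL_KINDS = {"eject", "mute", "chat", "remote_control"}
MEDIA_KINDS = {"audio", "video"}


class SharedHandlerPump:
    """The flawed shape: one handler keyed on message kind only, so a datagram
    carrying a control kind is treated like a server instruction."""

    def __init__(self):
        self.actions = []

    def dispatch(self, msg):
        if msg.kind in CONTROL_KINDS | MEDIA_KINDS:
            self.actions.append((msg.kind, msg.payload))
            return True
        return False


class ChannelAwarePump:
    """Hardened shape: the transport is part of the dispatch decision, and
    control kinds are accepted only from the authenticated TCP channel."""

    def __init__(self):
        self.actions = []
        self.dropped = []  # (kind, transport) pairs, for detection/telemetry

    def dispatch(self, msg):
        allowed = (
            (msg.kind in CONTROL_KINDS and msg.transport is Transport.TCP_SERVER)
            or (msg.kind in MEDIA_KINDS and msg.transport is Transport.UDP_PEER)
        )
        if not allowed:
            self.dropped.append((msg.kind, msg.transport.value))
            return False
        self.actions.append((msg.kind, msg.payload))
        return True


def demo():
    """Constructed traffic: a legitimate server eject, a peer audio frame, and a
    forged datagram that carries the same eject kind."""
    traffic = [
        Message(Transport.TCP_SERVER, "eject", {"participant": 42}),
        Message(Transport.UDP_PEER, "audio", {"seq": 1}),
        Message(Transport.UDP_PEER, "eject", {"participant": 7}),  # forged
    ]
    flawed, hardened = SharedHandlerPump(), ChannelAwarePump()
    return (
        [flawed.dispatch(m) for m in traffic],
        [hardened.dispatch(m) for m in traffic],
        hardened.dropped,
    )


if __name__ == "__main__":
    print(demo())
```

The `dropped` list is the detection hook: a control kind arriving over the datagram path should never happen in normal operation, so even a single occurrence is worth alerting on.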