Critical Vulnerability in Zoom Products for Windows

Published on 15 Feb 2024

Zoom has released security updates to address a critical vulnerability (CVE-2024-24691) in its products. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.6 out of 10.

Successful exploitation of the improper input validation vulnerability may allow an unauthenticated attacker to escalate their privileges on the target system over the network.

The critical vulnerability affects the following Zoom products:

  • Zoom Desktop Client for Windows before version 5.16.5
  • Zoom VDI Client for Windows before version 5.16.10, excluding 5.14.14 and 5.15.12
  • Zoom Rooms Client for Windows before version 5.17.0
  • Zoom Meeting SDK for Windows before version 5.16.5

Users and administrators of affected products are advised to update to the latest versions immediately.
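
To help find hosts that still need the update, the following added example (not part of the original advisory and not Zoom tooling) checks a software inventory against the affected versions listed above. The product labels, the accepted version-string formats and the sample inventory are assumptions made for the example.

```python
import re

# Fixed-version thresholds from the advisory above. The product keys are
# labels chosen for this example, not names from any Zoom tooling.
FIXED = {"desktop": (5, 16, 5), "vdi": (5, 16, 10),
         "rooms": (5, 17, 0), "sdk": (5, 16, 5)}
# VDI releases the advisory excludes from the affected range.
VDI_EXCLUDED = {(5, 14, 14), (5, 15, 12)}


def parse_version(text):
    """Return (major, minor, patch) from '5.16.5', '5.16.5.24296' or
    '5.16.5 (24296)'. These formats are assumed; any build number is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(product, version_text):
    """True if the product/version pair is in the advisory's affected range."""
    version = parse_version(version_text)
    if product == "vdi" and version in VDI_EXCLUDED:
        return False
    return version < FIXED[product]  # numeric compare: 5.16.10 is above 5.16.5


def triage(inventory):
    """Split (host, product, version) rows into affected hosts and hosts
    that could not be assessed (unknown product or unparseable version)."""
    affected, unknown = [], []
    for host, product, version_text in inventory:
        try:
            if is_affected(product, version_text):
                affected.append(host)
        except (KeyError, ValueError):
            unknown.append(host)
    return affected, unknown

# Constructed sample inventory; hostnames, versions and builds are made up.
SAMPLE = [
    ("ws-01", "desktop", "5.16.2 (22807)"),
    ("ws-02", "desktop", "5.17.5.31030"),
    ("vdi-01", "vdi", "5.15.12"),
    ("vdi-02", "vdi", "5.16.0"),
    ("room-01", "rooms", "5.16.10"),
    ("ws-03", "desktop", "unknown"),
]
print(triage(SAMPLE))
```

Hosts returned in the second list have an unrecognised product or version string and should be checked manually rather than treated as unaffected.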

More information is available here:

https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/

https://nvd.nist.gov/vuln/detail/CVE-2024-24691