CVE-2021-34424 Information

Jun 07, 2022 cve

Description

A vulnerability was discovered in the Zoom Client for Meetings (for Android iOS Linux macOS and Windows) before version 5.8.4 Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1 Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4 Zoom Client for Meetings for Chrome OS before version 5.0.1 Zoom Rooms for Conference Room (for Android AndroidBali macOS and Windows) before version 5.8.3 Controllers for Zoom Rooms (for Android iOS and Windows) before version 5.8.3 Zoom VDI Windows Meeting Client before version 5.8.4 Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64 IGEL x64 Ubuntu x64 HP ThinPro OS x64) before version 5.8.4.21112 Zoom VDI Citrix Plugins (for Windows x86 or x64 Mac Universal Installer & Uninstaller IGEL x64 eLux RP6 x64 HP ThinPro OS x64 Ubuntu x64 CentOS x 64 Dell ThinOS) before version 5.8.4.21112 Zoom VDI VMware Plugins (for Windows x86 or x64 Mac Universal Installer & Uninstaller IGEL x64 eLux RP6 x64 HP ThinPro OS x64 Ubuntu x64 CentOS x 64 Dell ThinOS) before version 5.8.4.21112 Zoom Meeting SDK for Android before version 5.7.6.1922 Zoom Meeting SDK for iOS before version 5.7.6.1082 Zoom Meeting SDK for macOS before version 5.7.6.1340 Zoom Meeting SDK for Windows before version 5.7.6.1081 Zoom Video SDK (for Android iOS macOS and Windows) before version 1.1.2 Zoom on-premise Meeting Connector before version 4.8.12.20211115 Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115 Zoom on-premise Recording Connector before version 5.1.0.65.20211116 Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117 Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117 Zoom Hybrid Zproxy before version 1.0.1058.20211116 and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product’s memory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://explore.zoom.us/en/trust/security/security-bulletin http://packetstormsecurity.com/files/165419/Zoom-MMR-Server-Information-Leak.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5

Share on: