PT-2021-20519 · Zoom · Zoom Rooms For Conference Room For Windows

Published

2021-09-27

Updated

2021-10-06

CVE-2021-34411

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zoom Rooms for Conference Room for Windows versions prior to 5.3.0

Description: The issue allows for the launch of Internet Explorer with elevated privileges during the installation process. If the installer is launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation.

Recommendations: For versions prior to 5.3.0, update to version 5.3.0 or later to resolve the issue. As a temporary workaround, consider avoiding the launch of the installer with elevated privileges to minimize the risk of exploitation. Restrict access to the installation process to prevent potential abuse.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2021-34411

Affected Products

Zoom Rooms For Conference Room For Windows

PT-2021-20519 · Zoom · Zoom Rooms For Conference Room For Windows

CVE-2021-34411

Weakness Enumeration

Related Identifiers

Affected Products

References · 6