PT-2021-20521 · Zoom · Zoom On-Premise Meeting Connector Mmr (+4 more products)

Egor Dimitrenko · Published 2021-09-27 · Updated 2021-11-10 · CVE-2021-34414

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Zoom on-premise Meeting Connector Controller versions prior to 4.6.348.20201217
Zoom on-premise Meeting Connector MMR versions prior to 4.6.348.20201217
Zoom on-premise Recording Connector versions prior to 3.8.42.20200905
Zoom on-premise Virtual Room Connector versions prior to 4.4.6620.20201110
Zoom on-premise Virtual Room Connector Load Balancer versions prior to 2.5.5495.20210326
Description: The network proxy page on the web portal for the affected Zoom products fails to validate input sent in requests to update the network proxy configuration, which could lead to remote command injection on the on-premise image by a web portal administrator.
Recommendations:
For Zoom on-premise Meeting Connector Controller versions prior to 4.6.348.20201217, update to version 4.6.348.20201217 or later.
For Zoom on-premise Meeting Connector MMR versions prior to 4.6.348.20201217, update to version 4.6.348.20201217 or later.
For Zoom on-premise Recording Connector versions prior to 3.8.42.20200905, update to version 3.8.42.20200905 or later.
For Zoom on-premise Virtual Room Connector versions prior to 4.4.6620.20201110, update to version 4.4.6620.20201110 or later.
For Zoom on-premise Virtual Room Connector Load Balancer versions prior to 2.5.5495.20210326, update to version 2.5.5495.20210326 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2021-34414

Affected Products

Zoom On-Premise Meeting Connector Controller
Zoom On-Premise Meeting Connector Mmr
Zoom On-Premise Recording Connector
Zoom On-Premise Virtual Room Connector
Zoom On-Premise Virtual Room Connector Load Balancer