PT-2021-20522 · Zoom · Zoom On-Premise Meeting Connector Controller

Nikita Abramov · Published 2021-09-27 · Updated 2022-07-12 · CVE-2021-34415

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Zoom On-Premise Meeting Connector Controller versions prior to 4.6.358.20210205
Description: The Zone Controller service does not verify the cnt field sent in incoming network packets, leading to exhaustion of resources and system crash.
Recommendations: For versions prior to 4.6.358.20210205, update to version 4.6.358.20210205 or later to resolve the issue. As a temporary workaround, consider restricting incoming network packets to minimize the risk of exploitation.

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2021-34415

Affected Products

Zoom On-Premise Meeting Connector Controller