PT-2021-20523 · Zoom · Zoom On-Premise Meeting Connector Mmr

Egor Dimitrenko · Published 2021-09-27 · Updated 2021-11-10 · CVE-2021-34416

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
Zoom on-premise Meeting Connector versions prior to 4.6.360.20210325
Zoom on-premise Meeting Connector MMR versions prior to 4.6.360.20210325
Zoom on-premise Recording Connector versions prior to 3.8.44.20210326
Zoom on-premise Virtual Room Connector versions prior to 4.4.6752.20210326
Zoom on-premise Virtual Room Connector Load Balancer versions prior to 2.5.5495.20210326

Description: The network address administrative settings web portal for the Zoom on-premise products fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators.

Recommendations:
For Zoom on-premise Meeting Connector versions prior to 4.6.360.20210325, update to version 4.6.360.20210325 or later.
For Zoom on-premise Meeting Connector MMR versions prior to 4.6.360.20210325, update to version 4.6.360.20210325 or later.
For Zoom on-premise Recording Connector versions prior to 3.8.44.20210326, update to version 3.8.44.20210326 or later.
For Zoom on-premise Virtual Room Connector versions prior to 4.4.6752.20210326, update to version 4.4.6752.20210326 or later.
For Zoom on-premise Virtual Room Connector Load Balancer versions prior to 2.5.5495.20210326, update to version 2.5.5495.20210326 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2021-34416

Affected Products

Zoom On-Premise Meeting Connector Mmr
Zoom On-Premise Recording Connector
Zoom On-Premise Virtual Room Connector
Zoom On-Premise Virtual Room Connector Load Balancer