PT-2021-4686 · Zoom · Zoom Client For Meetings

Published: 2021-09-27 · Updated: 2022-07-12 · CVE-2021-34408

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zoom Client for Meetings for Windows versions prior to 5.3.2

Description

The issue is related to the Zoom Client for Meetings for Windows writing log files to a user-writable directory as a privileged user during installation or update. This could potentially allow for privilege escalation if a link is created between the user-writable directory and a non-user writable directory. The vulnerability is associated with insufficient access control, which could enable an attacker to elevate their privileges.

Recommendations

For versions prior to 5.3.2, update to version 5.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the user-writable directory used by the Zoom Client for Meetings for Windows to minimize the risk of exploitation.

Fix

Weakness Enumeration

Link Following

Improper Privilege Management

Related Identifiers

BDU:2021-05381
CVE-2021-34408

Affected Products

Zoom Client For Meetings