PT-2021-4712 · Zoom+1 · Zoom Client For Meetings+2

Published

2021-09-27

Updated

2021-10-06

CVE-2021-34412

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoom Client for Meetings for Windows versions prior to 5.4.0

Description The issue is related to insufficient access control in the Zoom Client for Meetings for Windows, which can be exploited to gain elevated privileges. During the installation process, it is possible to launch Internet Explorer, and if the installer is launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation.

Recommendations For versions prior to 5.4.0, update to version 5.4.0 or later to resolve the issue. As a temporary workaround, consider avoiding the installation of the Zoom Client for Meetings for Windows with elevated privileges until a patch is applied. Restrict access to the installation process to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2021-05416

CVE-2021-34412

Affected Products

Internet Explorer

Sccm

Zoom Client For Meetings

PT-2021-4712 · Zoom+1 · Zoom Client For Meetings+2

CVE-2021-34412

Weakness Enumeration

Related Identifiers

Affected Products

References · 7