PT-2021-7429 · Zoom · Zoom On-Premise Recording Connector and 4 other products

Jeremy Brown · Published 2021-06-09 · Updated 2021-11-16 · CVE-2021-34417

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Zoom On-Premise Meeting Connector Controller versions prior to 4.6.365.20210703
Zoom On-Premise Meeting Connector MMR versions prior to 4.6.365.20210703
Zoom On-Premise Recording Connector versions prior to 3.8.45.20210703
Zoom On-Premise Virtual Room Connector versions prior to 4.4.6868.20210703
Zoom On-Premise Virtual Room Connector Load Balancer versions prior to 2.5.5496.20210703

Description

The issue is related to insufficient input validation, which could allow a remote attacker to execute arbitrary code. Specifically, the network proxy page on the web portal for certain Zoom products fails to validate input sent in requests to set the network proxy password, potentially leading to remote command injection by a web portal administrator.

Recommendations

For Zoom On-Premise Meeting Connector Controller versions prior to 4.6.365.20210703, update to version 4.6.365.20210703 or later.
For Zoom On-Premise Meeting Connector MMR versions prior to 4.6.365.20210703, update to version 4.6.365.20210703 or later.
For Zoom On-Premise Recording Connector versions prior to 3.8.45.20210703, update to version 3.8.45.20210703 or later.
For Zoom On-Premise Virtual Room Connector versions prior to 4.4.6868.20210703, update to version 4.4.6868.20210703 or later.
For Zoom On-Premise Virtual Room Connector Load Balancer versions prior to 2.5.5496.20210703, update to version 2.5.5496.20210703 or later.

As a temporary workaround, consider restricting access to the network proxy page on the web portal to minimize the risk of exploitation.
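
The description names the weakness class (an unvalidated proxy password reaching a system command) but not the code behind it. The sketch below is an added example, not Zoom's code: it contrasts the general anti-pattern with a hardened handler. Assumptions: the function names, the validation policy, the stand-in helper process and the sample input are all hypothetical, and a POSIX shell is assumed for the unsafe variant.

```python
import re
import subprocess
import sys

# Hypothetical policy (not Zoom's): printable ASCII only, bounded length.
# Rejects control characters such as newlines that could split a config line.
ALLOWED = re.compile(r"[\x20-\x7e]{1,128}")

# Stand-in for the system helper that stores the setting; it only echoes stdin.
HELPER = [sys.executable, "-c",
          "import sys; sys.stdout.write('proxy_password=' + sys.stdin.read())"]


def apply_password_unsafe(password: str) -> str:
    """Anti-pattern: the value is pasted into a command line parsed by a shell."""
    cmd = f"echo proxy_password={password}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def apply_password_safe(password: str) -> str:
    """Validate, then pass the value as data on stdin with no shell involved."""
    if not ALLOWED.fullmatch(password):
        raise ValueError("proxy password contains disallowed characters")
    # argv is a fixed list and shell=False (the default), so metacharacters are
    # never interpreted; stdin also keeps the secret out of the process list.
    done = subprocess.run(HELPER, input=password, capture_output=True,
                          text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    sample = "secret; echo INJECTED"   # constructed input with a harmless marker
    print("unsafe:", apply_password_unsafe(sample).splitlines())
    print("safe:  ", apply_password_safe(sample).splitlines())
```

In the unsafe variant the marker command runs as a second shell statement; in the safe variant the whole string is stored verbatim as the password value.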

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2022-06165
CVE-2021-34417

Affected Products

Zoom On-Premise Meeting Connector Controller
Zoom On-Premise Meeting Connector MMR
Zoom On-Premise Recording Connector
Zoom On-Premise Virtual Room Connector
Zoom On-Premise Virtual Room Connector Load Balancer