PT-2021-7436 · Zoom · Zoom On-Premise Recording Connector+3

Jeremy Brown · Published 2021-11-09 · Updated 2021-11-16 · CVE-2021-34418

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Zoom On-Premise Meeting Connector versions prior to 4.6.239.20200613
Zoom On-Premise Meeting Connector MMR versions prior to 4.6.239.20200613
Zoom On-Premise Recording Connector versions prior to 3.8.42.20200905
Zoom On-Premise Virtual Room Connector versions prior to 4.4.6344.20200612
Zoom On-Premise Virtual Room Connector Load Balancer versions prior to 2.5.5492.20200616

Description

The login routine of the web console fails to validate that a NULL byte was sent while authenticating, which could lead to a crash of the login service. This issue is related to a null pointer dereference, and its exploitation may allow an attacker to cause a denial of service.

Recommendations

For Zoom On-Premise Meeting Connector versions prior to 4.6.239.20200613, update to version 4.6.239.20200613 or later.
For Zoom On-Premise Meeting Connector MMR versions prior to 4.6.239.20200613, update to version 4.6.239.20200613 or later.
For Zoom On-Premise Recording Connector versions prior to 3.8.42.20200905, update to version 3.8.42.20200905 or later.
For Zoom On-Premise Virtual Room Connector versions prior to 4.4.6344.20200612, update to version 4.4.6344.20200612 or later.
For Zoom On-Premise Virtual Room Connector Load Balancer versions prior to 2.5.5492.20200616, update to version 2.5.5492.20200616 or later.

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2022-06241
CVE-2021-34418

Affected Products

Zoom On-Premise Meeting Connector MMR
Zoom On-Premise Recording Connector
Zoom On-Premise Virtual Room Connector
Zoom On-Premise Virtual Room Connector Load Balancer