PT-2024-1719 · Zoom · Zoom Vdi Client For Windows+3

Published: 2024-02-13 · Updated: 2024-10-04 · CVE-2024-24691

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Zoom Desktop Client for Windows versions prior to 5.17.7
Zoom VDI Client for Windows versions prior to 5.16.10 (excluding versions 5.14.14 and 5.15.12)
Zoom Rooms for Windows versions prior to 5.17.0
Zoom Meeting SDK for Windows versions prior to 5.16.5

Description

The issue is related to improper input validation in Zoom software for Windows, which may allow an unauthenticated user to conduct an escalation of privilege via network access. This flaw affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The vulnerability is critical and has a CVSS score of 9.6. It is estimated that over 300 million daily users of Zoom may be potentially affected. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Zoom Desktop Client for Windows versions prior to 5.17.7, update to version 5.17.7 or later.
For Zoom VDI Client for Windows versions prior to 5.16.10 (excluding versions 5.14.14 and 5.15.12), update to version 5.16.10 or later.
For Zoom Rooms for Windows versions prior to 5.17.0, update to version 5.17.0 or later.
For Zoom Meeting SDK for Windows versions prior to 5.16.5, update to version 5.16.5 or later.

As a temporary workaround, consider restricting network access to vulnerable systems until a patch is applied.
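
The version thresholds above can be applied to a software inventory to list the hosts that still need the update. The following is an added example, not part of the original advisory or of any Zoom tooling; the function names, the inventory layout and the sample rows are assumptions made for illustration, and version strings are compared on their first three numeric components only.

```python
import re

# Fixed versions, taken from the Recommendations in this advisory.
FIXED = {
    "Zoom Desktop Client for Windows": (5, 17, 7),
    "Zoom VDI Client for Windows": (5, 16, 10),
    "Zoom Rooms for Windows": (5, 17, 0),
    "Zoom Meeting SDK for Windows": (5, 16, 5),
}
# VDI versions the advisory excludes from the affected range.
VDI_EXCLUDED = {(5, 14, 14), (5, 15, 12)}


def parse_version(text):
    # Assumption: a trailing build number ("5.17.5.12345", "5.17.5 (12345)") is ignored.
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(product, version_text):
    """True if affected, False if not, None if the product is not in the advisory."""
    key = next((p for p in FIXED if p.lower() == product.strip().lower()), None)
    if key is None:
        return None
    version = parse_version(version_text)
    if key == "Zoom VDI Client for Windows" and version in VDI_EXCLUDED:
        return False
    return version < FIXED[key]


# Constructed inventory rows (host, product, version); not real data.
INVENTORY = [
    ("ws-001", "Zoom Desktop Client for Windows", "5.17.5.12345"),
    ("ws-002", "Zoom Desktop Client for Windows", "5.17.7"),
    ("vdi-01", "Zoom VDI Client for Windows", "5.15.12"),
    ("vdi-02", "Zoom VDI Client for Windows", "5.16.0"),
    ("room-1", "Zoom Rooms for Windows", "5.16.10 (12345)"),
    ("dev-01", "Zoom Meeting SDK for Windows", "5.16.5"),
]


def hosts_to_patch(inventory):
    return [host for host, product, ver in inventory if is_affected(product, ver)]


if __name__ == "__main__":
    print(hosts_to_patch(INVENTORY))
```

A `None` result marks a product the advisory does not list, so it can be reported separately instead of being counted as safe.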

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-01423
CVE-2024-24691

Affected Products

Zoom Desktop Client For Windows
Zoom Meeting Sdk For Windows
Zoom Rooms For Windows
Zoom Vdi Client For Windows