Privilege escalation in Zoom Workplace Desktop App and Zoom Rooms Client for macOS



Published: 2024-08-13
Risk: Low
Patch available: Yes
Number of vulnerabilities: 2
CVE-ID: CVE-2024-42441, CVE-2024-42442
CWE-ID: CWE-269
Exploitation vector: Local
Public exploit: N/A
Vulnerable software:
Zoom Workplace Desktop App for macOS
Client/Desktop applications / Office applications

Zoom Rooms for macOS
Client/Desktop applications / Messaging software

Vendor: Zoom Video Communications, Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper privilege management

EUVDB-ID: #VU95822

Risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42441

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Zoom Workplace Desktop App for macOS: 5.0.0 23186.0427 - 6.1.1 36333

Zoom Rooms for macOS: 5.0.0 2236.0426 - 6.1.2 6877

External links

http://www.zoom.com/en/trust/security-bulletin/ZSB-24034/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker needs physical access to the system to successfully exploit this vulnerability.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper privilege management

EUVDB-ID: #VU95823

Risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42442

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Zoom Workplace Desktop App for macOS: 5.0.0 23186.0427 - 6.1.1 36333

Zoom Rooms for macOS: 5.0.0 2236.0426 - 6.1.2 6877

External links

http://www.zoom.com/en/trust/security-bulletin/ZSB-24034/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker needs physical access to the system to successfully exploit this vulnerability.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


