Main Vulnerability Database Vulnerabilities #VU25795

#VU25795 Insufficient Session Expiration in Zoom administrator portal

Published: March 6, 2020

Vulnerability identifier: #VU25795

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-613

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Zoom administrator portal

Software vendor:
Zoom Video Communications, Inc.

Description

The vulnerability allows a remote user to gain access to target system.

The vulnerability exists due to insufficient session expiration issue in Zoom Conference Room Connector services. A remote administrator with access to the connected device can access the room administration interface, even if this access is revoked by removing the user from the administrator group or by deleting the user altogether.

Remediation

Install updates from vendor's website.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0969

#VU25795 Insufficient Session Expiration in Zoom administrator portal

Description

Remediation

External links

Please verify you're human