#VU25795 Insufficient Session Expiration in Zoom administrator portal
Vulnerability identifier: #VU25795
Vulnerability risk: Medium
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-613
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Zoom administrator portal
Server applications /
Conferencing, Collaboration and VoIP solutions
Vendor: Zoom Video Communications, Inc.
Description
The vulnerability allows a remote user to gain access to target system.
The vulnerability exists due to insufficient session expiration issue in Zoom Conference Room Connector services. A remote administrator with access to the connected device can access the room administration interface, even if this access is revoked by removing the user from the administrator group or by deleting the user altogether.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Zoom administrator portal: 25.11.2019
External links
http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0969
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
