CVE-2024-45421

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

uffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.

References

Link	Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-24043/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:meeting_software_development_kit::::::android::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::linux::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::*
	cpe:2.3:a:zoom:meeting_software_development_kit::::::windows::*
	cpe:2.3:a:zoom:rooms::::::ipad_os::*
	cpe:2.3:a:zoom:rooms::::::macos::*
	cpe:2.3:a:zoom:rooms::::::windows::*
	cpe:2.3:a:zoom:rooms_controller::::::android::*
	cpe:2.3:a:zoom:rooms_controller::::::linux::*
	cpe:2.3:a:zoom:rooms_controller::::::macos::*
	cpe:2.3:a:zoom:rooms_controller::::::windows::*
	cpe:2.3:a:zoom:video_software_development_kit::::::android::*
	cpe:2.3:a:zoom:video_software_development_kit::::::iphone_os::*
	cpe:2.3:a:zoom:video_software_development_kit::::::linux::*
	cpe:2.3:a:zoom:video_software_development_kit::::::macos::*
	cpe:2.3:a:zoom:video_software_development_kit::::::windows::*
	cpe:2.3:a:zoom:workplace::::::android::*
	cpe:2.3:a:zoom:workplace::::::iphone_os::*
	cpe:2.3:a:zoom:workplace_desktop::::::linux::*
	cpe:2.3:a:zoom:workplace_desktop::::::macos::*
	cpe:2.3:a:zoom:workplace_desktop::::::windows::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*

History

05 Mar 2025, 13:53

Type	Values Removed	Values Added
Summary		(es) El desbordamiento del búfer en algunas aplicaciones de Zoom puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.
First Time		Zoom rooms Zoom workplace Zoom video Software Development Kit Zoom meeting Software Development Kit Zoom rooms Controller Zoom Zoom workplace Desktop Zoom workplace Virtual Desktop Infrastructure
CWE		CWE-119
References	~~() https://www.zoom.com/en/trust/security-bulletin/zsb-24043/ -~~	() https://www.zoom.com/en/trust/security-bulletin/zsb-24043/ - Vendor Advisory
CPE		cpe:2.3:a:zoom:rooms_controller::::::android::* cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::* cpe:2.3:a:zoom:video_software_development_kit::::::windows::* cpe:2.3:a:zoom:rooms::::::macos::* cpe:2.3:a:zoom:video_software_development_kit::::::android::* cpe:2.3:a:zoom:rooms_controller::::::macos::* cpe:2.3:a:zoom:rooms_controller::::::windows::* cpe:2.3:a:zoom:workplace::::::iphone_os::* cpe:2.3:a:zoom:rooms::::::windows::* cpe:2.3:a:zoom:video_software_development_kit::::::iphone_os::* cpe:2.3:a:zoom:workplace_desktop::::::macos::* cpe:2.3:a:zoom:workplace::::::android::* cpe:2.3:a:zoom:meeting_software_development_kit::::::windows::* cpe:2.3:a:zoom:meeting_software_development_kit::::::linux::* cpe:2.3:a:zoom:rooms::::::ipad_os::* cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::* cpe:2.3:a:zoom:rooms_controller::::::linux::* cpe:2.3:a:zoom:video_software_development_kit::::::macos::* cpe:2.3:a:zoom:meeting_software_development_kit::::::android::* cpe:2.3:a:zoom:video_software_development_kit::::::linux::* cpe:2.3:a:zoom:meeting_software_development_kit::::::iphone_os::* cpe:2.3:a:zoom:workplace_desktop::::::linux::* cpe:2.3:a:zoom:workplace_desktop::::::windows::*

25 Feb 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-25 20:15

Updated : 2025-03-05 13:53

NVD link : CVE-2024-45421

Mitre link : CVE-2024-45421

CVE.ORG link : CVE-2024-45421

JSON object : View

Products Affected

zoom

CWE

CWE-122

Heap-based Buffer Overflow

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

8.5 /10