CRITICAL🇵🇱 Wersja polska

CVE-2024-24691

CVSS 9.6v3.1pub. 2024-02-14upd. 2024-11-21

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Zoom Meeting Software Development Kit

    APP
    Zoom
    < 5.16.5
  • Zoom Rooms

    APP
    Zoom
    < 5.17.0
  • Zoom Vdi Windows Meeting Clients

    APP
    Zoom
    < 5.14.14< 5.15.12< 5.16.10
  • Zoom

    APP
    Zoom
    < 5.16.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-49457CRITICAL9.6PL ✓ten sam produkt

Untrusted search path w klientach Zoom dla Windows — privilege escalation przez sieć

CVE-2023-39213CRITICAL9.6ten sam produkt

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15...

CVE-2023-39216CRITICAL9.6ten sam produkt

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user t...

CVE-2023-36534CRITICAL9.3ten sam produkt

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an...

CVE-2022-28755CRITICAL9.6ten sam produkt

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptib...