Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistZoomCVELIST:CVE-2021-34425
HistoryDec 14, 2021 - 7:25 p.m.

CVE-2021-34425 Server Side Request Forgery in Zoom Client for Meetings chat

2021-12-1419:25:59
Zoom
www.cve.org
3
zoom
server side request forgery
meetings
vulnerability
link preview
http get requests

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.5%

JSON

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat's “link preview” functionality. In versions prior to 5.7.3, if a user were to enable the chat's “link preview” feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.

CNA Affected

[
  {
    "product": "Zoom Client for Meetings for Android",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.7.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom Client for Meetings for iOS",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.7.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom Client for Meetings for Linux",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.7.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom Client for Meetings for macOS",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.7.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Zoom Client for Meetings for Windows",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "lessThan": "5.7.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

cnvd 1
prion 1
openvas 1
nessus 1
cve 1
nvd 1
cnvd
cnvd
Zoom Client server-side request forgery vulnerability
2021-12-19 00:00:00
prion
prion
Server side request forgery (ssrf)
2021-12-14 20:15:00
openvas
openvas
Zoom Client < 5.7.3 SSRF Vulnerability (ZSB-21021)
2021-12-16 00:00:00
nessus
nessus
Zoom Client for Meetings < 5.7.3 Vulnerability (ZSB-21021)
2022-12-15 00:00:00
cve
cve
CVE-2021-34425
2021-12-14 20:15:07
nvd
nvd
CVE-2021-34425
2021-12-14 20:15:07

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.5%

JSON
Related for CVELIST:CVE-2021-34425
cnvd1prion1openvas1nessus1cve1nvd1