Lucene search

Kaspersky LabKLA12380

HistoryNov 24, 2021 - 12:00 a.m.

KLA12380 Multiple vulnerabilities in Zoom

2021-11-2400:00:00

Kaspersky Lab

threats.kaspersky.com

zoom

vulnerabilities

data theft

code execution

denial of service

security bypass

buffer overflow

sensitive information

cve-2021-34424

cve-2021-34423

update

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.004

Percentile

72.2%

JSON

Multiple vulnerabilities were found in Zoom. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

Security bypass vulnerability in can be exploited to obtain sensitive information or cause denial of service.
Buffer overflow vulnerability in can be exploited to execute arbitrary code.

Original advisories

Zoom Security Bulletin

Related products

Zoom-MSI

CVE list

CVE-2021-34424 critical

CVE-2021-34423 critical

Solution

Update to the latest version

Download Zoom

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.