Lucene search

[email protected]NVD:CVE-2021-34415

HistorySep 27, 2021 - 2:15 p.m.

CVE-2021-34415

2021-09-2714:15:08

CWE-770

[email protected]

web.nvd.nist.gov

zoom

on-premise

meeting connector

vulnerability

resource exhaustion

system crash

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.5%

JSON

The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash.

Affected configurations

Nvd

Node

zoommeeting_connectorRange<4.6.358.20210205

VendorProductVersionCPE
zoommeeting_connector*cpe:2.3:a:zoom:meeting_connector:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zoom	meeting_connector	*	cpe:2.3:a:zoom:meeting_connector::::::::

References

explore.zoom.us/en/trust/security/security-bulletin/

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.5%

JSON

Related for NVD:CVE-2021-34415

cvelist1 prion1 cve1