Appaloosa Scout

Vulnerability · NVD

CVE-2018-15715

CRITICAL 9.8

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.

Attack vector: Network · No privileges required · No user interaction
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.40% (above median) · percentile 80.8%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Vulnerable CPE configurations (2)

| Vendor | Product | Versions |
|--------|---------|----------|
| zoom | zoom (macOS) | <4.1.34801.1116 |
| zoom | zoom (Windows) | <4.1.34814.1119 |