Vulnerability · NVD

CVE-2024-24691

CRITICAL 9.6 Published on 2024-02-14

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

Attack vector : Network No privileges required

Show raw CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS 0.33% above median percentile 56.3%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Zoom Workplace Windows winget:Zoom.Zoom

Affected <5.16.5 Fixed in 5.16.5 Latest tracked 7.0.38856 patched

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
zoom	zoom Windows	Windows	<5.16.5	cpe:2.3:a:zoom:zoom::::::windows::*

View on NVD ↗