Vulnerability · NVD

CVE-2024-24694

MEDIUM 5.9 Published on 2024-04-09

Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Attack vector : Local

Show raw CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

EPSS 0.03% exploit very unlikely percentile 10.4%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Zoom Workplace Windows winget:Zoom.Zoom

Affected <5.7.10 Fixed in 5.7.10 Latest tracked 7.0.38856 patched

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
zoom	zoom Windows	Windows	<5.7.10	cpe:2.3:a:zoom:zoom::::::windows::*

View on NVD ↗