Description:
Zoom has published a security advisory to address multiple vulnerabilities in Zoom products. The list of advisories can be found at:
https://www.zoom.com/en/trust/security-bulletin
Reports indicate that the elevation of privilege vulnerabilities (CVE-2024-24697 and CVE-2024-24691) in Zoom products are at a high risk of exploitation. System administrators and users are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- Zoom Desktop Client for Linux prior to version 5.17.0
- Zoom Desktop Client for Windows prior to version 5.17.0
- Zoom Desktop Client for macOS prior to version 5.17.0
- Zoom Meeting SDK for Windows prior to version 5.17.0
- Zoom Meeting SDKs prior to version 5.17.0
- Zoom Mobile App for Android prior to version 5.17.0
- Zoom Mobile App for iOS prior to version 5.17.0
- Zoom Rooms Client for Windows prior to version 5.17.0
- Zoom Rooms Clients prior to version 5.17.0
- Zoom VDI Client for Windows before version 5.17.5
- Zoom Video SDK for Windows prior to version 5.16.5
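The following inventory check is an added example, not part of the original advisory or of any Zoom tooling. It compares installed versions numerically against the thresholds listed above, since a plain string comparison would rank 5.9.6 above 5.17.0. The host names, the sample rows and the assumed version-string format (dotted version with an optional trailing build number) are constructed for illustration.

```python
import re

# First fixed version per product, copied from the "Affected Systems" list.
FIXED = {name: "5.17.0" for name in (
    "Zoom Desktop Client for Linux", "Zoom Desktop Client for Windows",
    "Zoom Desktop Client for macOS", "Zoom Meeting SDK for Windows",
    "Zoom Meeting SDKs", "Zoom Mobile App for Android", "Zoom Mobile App for iOS",
    "Zoom Rooms Client for Windows", "Zoom Rooms Clients")}
FIXED.update({"Zoom VDI Client for Windows": "5.17.5",
              "Zoom Video SDK for Windows": "5.16.5"})

def parse_version(text):
    """'5.16.10 (26186)' -> (5, 16, 10); raises ValueError if no version found."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no dotted version in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_affected(product, installed):
    """True if installed is older than the fixed version listed for product."""
    fixed, have = parse_version(FIXED[product]), parse_version(installed)
    # Compare only the components the advisory gives, so a trailing
    # build number (5.17.0.28375) does not change the result.
    have = (have + (0,) * len(fixed))[:len(fixed)]
    return have < fixed

def triage(inventory):
    """Label each (host, product, version) row PATCH, ok, or unknown."""
    results = []
    for host, product, version in inventory:
        try:
            status = "PATCH" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            status = "unknown"  # product not listed, or version unparseable
        results.append((host, product, version, status))
    return results

# Constructed sample inventory (hosts and versions are made up).
SAMPLE = [
    ("ws-01", "Zoom Desktop Client for Windows", "5.16.10 (26186)"),
    ("ws-02", "Zoom Desktop Client for Windows", "5.17.0.28375"),
    ("mac-07", "Zoom Desktop Client for macOS", "5.9.6"),
    ("vdi-03", "Zoom VDI Client for Windows", "5.17.0"),
    ("kiosk-1", "Zoom Video SDK for Windows", "5.16.5"),
    ("lab-9", "Zoom Desktop Client for Linux", "unknown"),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Rows reported as unknown need manual review rather than being treated as patched.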
Impact:
Successful exploitation of the vulnerabilities could lead to denial of service, elevation of privilege or information disclosure on an affected system.
Recommendation:
Patches for affected products are available. System administrators and users of affected systems should follow the recommendations provided by the vendor and take immediate action to mitigate the risk.
More Information:
- https://www.zoom.com/en/trust/security-bulletin
- https://www.zoom.com/en/trust/security-bulletin/ZSB-24002 (to ZSB-24008)
- https://www.hkcert.org/security-bulletin/zoom-products-multiple-vulnerabilities_20240214
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24690 (to CVE-2024-24991)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24695 (to CVE-2024-24699)