CVE-2019-13449

Published: Jul 9, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421.

Affected (1)

Products: Zoom: Zoom

Zoom

1 product

Zoom

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zoom Zoom	Before 4.4.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

https://assets.zoom.us/docs/pdf/Zoom+Response+Video-On+Vulnerability.pdf

Source: cve@mitre.org

Vendor Advisory

https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/

Source: cve@mitre.org

Vendor Advisory

https://bugs.chromium.org/p/chromium/issues/detail?id=951540

Source: cve@mitre.org

ExploitThird Party Advisory

https://medium.com/%40jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

Source: cve@mitre.org

https://twitter.com/zoom_us/status/1148710712241295361

Source: cve@mitre.org

Third Party Advisory

https://assets.zoom.us/docs/pdf/Zoom+Response+Video-On+Vulnerability.pdf