CVE-2021-34424

Published: Nov 24, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory.

Affected (26)

Products: Zoom: Meetings, Meetings For Blackberry, Meetings For Intune, Meetings For Chrome Os, Rooms For Conference Rooms, Controllers For Zoom Rooms, Virtual Desktop Infrastructure, Android Meeting Sdk, Iphone Os Meeting Sdk, Macos Meeting Sdk, Windows Meeting Sdk, Android Video Sdk, Iphone Os Video Sdk, Macos Video Sdk, Windows Video Sdk, Hybrid Mmr, Hybrid Zproxy, Zoom On Premise Meeting Connector Controller, Zoom On Premise Meeting Connector Mmr, Zoom On Premise Recording Connector, Zoom On Premise Virtual Room Connector, Zoom On Premise Virtual Room Connector Load Balancer, Vdi Azure Virtual Desktop, Vdi Citrix, Vdi Vmware

Zoom

25 products

Meetings

Meetings For Blackberry

Meetings For Intune

Meetings For Chrome Os

Rooms For Conference Rooms

Controllers For Zoom Rooms

Virtual Desktop Infrastructure

Android Meeting Sdk

Iphone Os Meeting Sdk

Zoom On Premise Meeting Connector Controller

Zoom On Premise Meeting Connector Mmr

Zoom On Premise Recording Connector

Zoom On Premise Virtual Room Connector

Zoom On Premise Virtual Room Connector Load Balancer

Vdi Azure Virtual Desktop

Vdi Citrix

Vdi Vmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zoom Meetings	Before 5.8.3

Configuration D

1 platform

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Zoom Meetings	Before 5.8.4

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Zoom Meetings For Blackberry	Before 5.8.1

Configuration I

1 vulnerable

Vulnerable Software	Affected Versions
Zoom Meetings For Intune	Before 5.8.4

Configuration J

1 vulnerable

Vulnerable Software	Affected Versions
Zoom Meetings For Chrome Os	Before 5.0.1

Configuration L

1 platform

Running on/with	Platform Versions
Apple Macos	All versions

Configuration M

1 vulnerable

Vulnerable Software	Affected Versions
Zoom Rooms For Conference Rooms	Before 5.8.3

Configuration N

1 platform

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration O

1 platform

Running on/with	Platform Versions
Apple Iphone Os	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zoom Controllers For Zoom Rooms	Before 5.8.3

Running on/with	Platform Versions
Google Android	All versions

Configuration Q

1 vulnerable

Vulnerable Software	Affected Versions
Zoom Virtual Desktop Infrastructure	Before 5.8.4

Configuration R

4 vulnerable

Vulnerable Software	Affected Versions
Zoom Android Meeting Sdk	Before 5.7.6.1922
Zoom Iphone Os Meeting Sdk	Before 5.7.6.1082
Zoom Macos Meeting Sdk	Before 5.7.6.1340
Zoom Windows Meeting Sdk	Before 5.7.6.1081

Configuration S

4 vulnerable

Vulnerable Software	Affected Versions
Zoom Android Video Sdk	Before 1.1.2
Zoom Iphone Os Video Sdk	Before 1.1.2
Zoom Macos Video Sdk	Before 1.1.2
Zoom Windows Video Sdk	Before 1.1.2

Configuration T

7 vulnerable

Vulnerable Software	Affected Versions
Zoom Hybrid Mmr	Before 4.6.20211116.131
Zoom Hybrid Zproxy	Before 1.0.1058.20211116
Zoom Zoom On Premise Meeting Connector Controller	Before 4.8.12.20211115
Zoom Zoom On Premise Meeting Connector Mmr	Before 4.8.12.20211115
Zoom Zoom On Premise Recording Connector	Before 5.1.0.65.20211116
Zoom Zoom On Premise Virtual Room Connector	Before 4.4.7266.20211117
Zoom Zoom On Premise Virtual Room Connector Load Balancer	Before 2.5.5692.20211117