CVE-2024-27241

Published: Jul 15, 2024Modified: Aug 20, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Affected (14)

Products: Zoom: Meeting Software Development Kit, Rooms, Workplace, Workplace Desktop, Workplace Virtual Desktop Infrastructure

5 products

Meeting Software Development Kit

Workplace Desktop

Workplace Virtual Desktop Infrastructure

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Zoom Meeting Software Development Kit	Before 6.0.0
Zoom Meeting Software Development Kit	Before 6.0.0
Zoom Meeting Software Development Kit	Before 6.0.0
Zoom Meeting Software Development Kit	Before 6.0.0
Zoom Meeting Software Development Kit	Before 6.0.0
Zoom Rooms	Before 6.0.0
Zoom Rooms	Before 6.0.0
Zoom Rooms	Before 6.0.0
Zoom Workplace	Before 6.0.0
Zoom Workplace	Before 6.0.0
Zoom Workplace Desktop	Before 6.0.0
Zoom Workplace Desktop	Before 6.0.0
Zoom Workplace Desktop	Before 6.0.0
Zoom Workplace Virtual Desktop Infrastructure	Before 5.17.13

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.zoom.com/en/trust/security-bulletin/zsb-24020

Source: security@zoom.us

Vendor Advisory

https://www.zoom.com/en/trust/security-bulletin/zsb-24020

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.