CVE-2024-27244

Published: May 15, 2024Modified: Aug 21, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Affected (2)

Products: Zoom: Workplace Virtual Desktop Infrastructure

Zoom

1 product

Workplace Virtual Desktop Infrastructure

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zoom Workplace Virtual Desktop Infrastructure	Before 5.15.0
Zoom Workplace Virtual Desktop Infrastructure	From 5.16.0 to 5.17.10

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://www.zoom.com/en/trust/security-bulletin/zsb-24015/

Source: security@zoom.us

Vendor Advisory

https://www.zoom.com/en/trust/security-bulletin/zsb-24015/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.