CVE-2024-27240

July 15, 2024, 6:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Zoom Apps for Windows

Source

security@zoom.us

Tags

CVE-2024-27240 details

Published : July 15, 2024, 6:15 p.m.
Last Modified : July 15, 2024, 6:15 p.m.

Description

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.

CVSS Score

1 2 3 4 5 6 7.1 8 9 10

Weakness

Weakness Name Description
CWE-20 Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

7.1

Exploitability Score

1.8

Impact Score

5.2

Base Severity

HIGH

References

URL Source
https://www.zoom.com/en/trust/security-bulletin/zsb-24019 security@zoom.us
This website uses the NVD API, but is not approved or certified by it.