Versio.io

CVE-2021-34423

Common vulnerabilities & exposures (CVE)

 
Published at: 24-11-2021 06:15
Last modified: 29-04-2022 07:57
Total changes: 5

Description

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. 
This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.

Common Vulnerability Scoring System (CVSS)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Base score: 9.8
Exploitability score: 3.9
Impact score: 5.9
 

Verification logic

OR
  AND
    OR
      vendor=zoom AND product=meetings AND versionEndExcluding=5.8.3
    OR
      vendor=google AND product=android AND version=-
  AND
    OR
      vendor=zoom AND product=meetings AND versionEndExcluding=5.8.4
    OR
      vendor=apple AND product=macos AND version=-
  AND
    OR
      vendor=zoom AND product=meetings AND versionEndExcluding=5.8.4
    OR
      vendor=apple AND product=iphone_os AND version=-
  AND
    OR
      vendor=zoom AND product=meetings AND versionEndExcluding=5.8.4
    OR
      vendor=linux AND product=linux_kernel AND version=-
  AND
    OR
      vendor=zoom AND product=meetings AND versionEndExcluding=5.8.4
    OR
      vendor=microsoft AND product=windows AND version=-
  AND
    OR
      vendor=zoom AND product=meetings_for_blackberry AND versionEndExcluding=5.8.1
    OR
      vendor=google AND product=android AND version=-
  AND
    OR
      vendor=zoom AND product=meetings_for_blackberry AND versionEndExcluding=5.8.1
    OR
      vendor=apple AND product=iphone_os AND version=-
  AND
    OR
      vendor=zoom AND product=meetings_for_intune AND versionEndExcluding=5.8.4
    OR
      vendor=apple AND product=iphone_os AND version=-
  AND
    OR
      vendor=zoom AND product=meetings_for_intune AND versionEndExcluding=5.8.4
    OR
      vendor=google AND product=android AND version=-
  OR
    vendor=zoom AND product=meetings_for_chrome_os AND versionEndExcluding=5.0.1
  AND
    OR
      vendor=zoom AND product=rooms_for_conference_rooms AND versionEndExcluding=5.8.3
    OR
      vendor=google AND product=android AND version=-
  AND
    OR
      vendor=zoom AND product=rooms_for_conference_rooms AND versionEndExcluding=5.8.3
    OR
      vendor=apple AND product=macos AND version=-
  AND
    OR
      vendor=zoom AND product=rooms_for_conference_rooms AND versionEndExcluding=5.8.3
    OR
      vendor=microsoft AND product=windows AND version=-
  AND
    OR
      vendor=zoom AND product=controllers_for_zoom_rooms AND versionEndExcluding=5.8.3
    OR
      vendor=microsoft AND product=windows AND version=-
  AND
    OR
      vendor=zoom AND product=controllers_for_zoom_rooms AND versionEndExcluding=5.8.3
    OR
      vendor=apple AND product=iphone_os AND version=-
  AND
    OR
      vendor=zoom AND product=controllers_for_zoom_rooms AND versionEndExcluding=5.8.3
    OR
      vendor=google AND product=android AND version=-
  OR
    vendor=zoom AND product=virtual_desktop_infrastructure AND versionEndExcluding=5.8.4
  OR
    vendor=zoom AND product=android_meeting_sdk AND versionEndExcluding=5.7.6.1922
    vendor=zoom AND product=iphone_os_meeting_sdk AND versionEndExcluding=5.7.6.1082
    vendor=zoom AND product=macos_meeting_sdk AND versionEndExcluding=5.7.6.1340
    vendor=zoom AND product=windows_meeting_sdk AND versionEndExcluding=5.7.6.1081
  OR
    vendor=zoom AND product=android_video_sdk AND versionEndExcluding=1.1.2
    vendor=zoom AND product=iphone_os_video_sdk AND versionEndExcluding=1.1.2
    vendor=zoom AND product=macos_video_sdk AND versionEndExcluding=1.1.2
    vendor=zoom AND product=windows_video_sdk AND versionEndExcluding=1.1.2
  OR
    vendor=zoom AND product=hybrid_mmr AND versionEndExcluding=4.6.20211116.131
    vendor=zoom AND product=hybrid_zproxy AND versionEndExcluding=1.0.1058.20211116
    vendor=zoom AND product=zoom_on-premise_meeting_connector_controller AND versionEndExcluding=4.8.12.20211115
    vendor=zoom AND product=zoom_on-premise_meeting_connector_mmr AND versionEndExcluding=4.8.12.20211115
    vendor=zoom AND product=zoom_on-premise_recording_connector AND versionEndExcluding=5.1.0.65.20211116
    vendor=zoom AND product=zoom_on-premise_virtual_room_connector AND versionEndExcluding=4.4.7266.20211117
    vendor=zoom AND product=zoom_on-premise_virtual_room_connector_load_balancer AND versionEndExcluding=2.5.5692.20211117
  OR
    vendor=zoom AND product=vdi_azure_virtual_desktop AND versionEndExcluding=5.8.4.21112
    vendor=zoom AND product=vdi_citrix AND versionEndExcluding=5.8.4.21112
    vendor=zoom AND product=vdi_vmware AND versionEndExcluding=5.8.4.21112
    vendor=zoom AND product=vdi_windows_meeting_client AND versionEndExcluding=5.8.4
 
