CVE-2024-24699

EUVD-2024-22098
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ZoomCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
zoommeeting_sdk
𝑥
< 5.16.5
zoomrooms
𝑥
< 5.17.0
zoomvdi_windows_meeting_clients
𝑥
< 5.15.15
zoomvdi_windows_meeting_clients
5.15.15 <
𝑥
< 5.16.10
zoomvdi_windows_meeting_clients
5.16.10 <
𝑥
< 5.17.5
zoomzoom
𝑥
< 5.16.5
zoomzoom
𝑥
< 5.16.5
zoomzoom
𝑥
< 5.16.5
𝑥
= Vulnerable software versions
References
https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/
https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/