CVE-2024-24699

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ZoomCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
zoommeeting_sdk
𝑥
< 5.16.5
zoomrooms
𝑥
< 5.17.0
zoomvdi_windows_meeting_clients
𝑥
< 5.15.15
zoomvdi_windows_meeting_clients
5.15.15 <
𝑥
< 5.16.10
zoomvdi_windows_meeting_clients
5.16.10 <
𝑥
< 5.17.5
zoomzoom
𝑥
< 5.16.5
zoomzoom
𝑥
< 5.16.5
zoomzoom
𝑥
< 5.16.5
𝑥
= Vulnerable software versions
References
https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/
https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/