CVE-2024-45418
EUVD-2024-5392625.02.2025, 20:15
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| zoom | meeting_software_development_kit | 𝑥 < 6.1.5 |
| zoom | rooms | 𝑥 < 6.1.5 |
| zoom | video_software_development_kit | 𝑥 < 6.1.5 |
| zoom | workplace_desktop | 𝑥 < 6.1.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-61 - UNIX Symbolic Link (Symlink) FollowingThe software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.