Vulnerability Details : CVE-2019-13450
Potential exploit
In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.
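As an added example (not code from the CVE record or from Zoom), the following Python script reports whether a macOS host still shows the exposure described above: it probes the two localhost ports named in the description and checks whether ~/.zoomus is still a directory (the state the NOTE warns about) or has been replaced by the plain file the mitigation calls for. The port numbers and path come from the description; the function names are the example's own.

```python
"""Report whether a macOS host still shows the CVE-2019-13450 exposure.

Added example, not code from the CVE record or from Zoom. It assumes only
what the description states: the Zoom helper web server answers on
localhost ports 19421/19424, and the mitigation replaces the ~/.zoomus
directory with a plain file. Function names are the example's own.
"""
import socket
from pathlib import Path

ZOOM_LOCAL_PORTS = (19421, 19424)  # ports named in the CVE description


def port_listening(port: int, host: str = "127.0.0.1", timeout: float = 0.5) -> bool:
    """Return True if something accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def zoomus_state(path: Path) -> str:
    """Classify ~/.zoomus: 'directory' (the helper can be re-installed),
    'file' (mitigation in place) or 'absent'."""
    if path.is_dir():
        return "directory"
    if path.is_file():
        return "file"
    return "absent"


def assess(home: Path, ports=ZOOM_LOCAL_PORTS) -> dict:
    """Summarise exposure: a listening helper server, or a ~/.zoomus
    directory left behind by a past install, both count as at risk."""
    listening = [p for p in ports if port_listening(p)]
    state = zoomus_state(home / ".zoomus")
    return {
        "listening_ports": listening,
        "zoomus": state,
        "at_risk": bool(listening) or state == "directory",
    }


if __name__ == "__main__":
    for key, value in assess(Path.home()).items():
        print(f"{key}: {value}")
```

Run it on the host itself; a result with `at_risk: True` means either the helper server still answers or the ~/.zoomus directory has not yet been replaced by a plain file.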
Products affected by CVE-2019-13450
- cpe:2.3:a:zoom:zoom:*:*:*:*:*:mac_os_x:*:*
- cpe:2.3:a:ringcentral:ringcentral:7.0.136380.0312:*:*:*:*:mac_os_x:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-13450
- EPSS score: 3.53% (probability of exploitation activity in the next 30 days)
- Percentile: ~91% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2019-13450
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2019-13450
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-13450
- https://bugs.chromium.org/p/chromium/issues/detail?id=951540 : 951540 - Security: Bypass of localhost CORS protections by utilizing GET request for an Image - chromium - Monorail (Exploit; Third Party Advisory)
- http://www.securityfocus.com/bid/109082 : Zoom Client CVE-2019-13450 Remote Security Vulnerability (Third Party Advisory; VDB Entry)
- https://twitter.com/zoom_us/status/1148710712241295361 : Zoom on Twitter: "[Update] The July 9 patch to the Zoom app on Mac devices detailed earlier on our blog is now live. Details on the various fixes contained within it are explained, as well as how to u (Third Party Advisory)
- https://news.ycombinator.com/item?id=20387298 : Vulnerability in the Mac Zoom client allows malicious websites to enable camera | Hacker News (Issue Tracking; Third Party Advisory)
- https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/ : Response to Video-On Concern - Zoom Blog (Vendor Advisory)
- https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 : Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website! (Third Party Advisory)
- https://twitter.com/moreati/status/1148548799813640193 : Alex Willmer on Twitter: "From what I can tell https://t.co/bZ5vlJDcr7 (joining video calls without user interaction) affects Zoom on Windows and Linux, as well as macOS. That's not clear from the Med (Third Party Advisory)
- https://assets.zoom.us/docs/pdf/Zoom+Response+Video-On+Vulnerability.pdf (Vendor Advisory)