CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2021-34423

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. 
This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.
Publish Date : 2021-11-24
Last Update Date : 2022-04-29

- CVSS Scores & Vulnerability Types

CVSS Score : 7.5
Confidentiality Impact : Partial (There is considerable informational disclosure.)
Integrity Impact : Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact : Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity : Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication : Not required (Authentication is not required to exploit the vulnerability.)
Gained Access : None
Vulnerability Type(s) : Execute Code, Overflow
CWE ID : 120

- Products Affected By CVE-2021-34423

# Product Type Vendor Product Version Update Edition Language
1 Application Zoom Android Meeting Sdk * * * *
2 Application Zoom Android Video Sdk * * * *
3 Application Zoom Hybrid Mmr * * * *
4 Application Zoom Hybrid Zproxy * * * *
5 Application Zoom Iphone Os Meeting Sdk * * * *
6 Application Zoom Iphone Os Video Sdk * * * *
7 Application Zoom Macos Meeting Sdk * * * *
8 Application Zoom Macos Video Sdk * * * *
9 Application Zoom Meetings For Chrome Os * * * *
10 Application Zoom Vdi Azure Virtual Desktop * * * *
11 Application Zoom Vdi Citrix * * * *
12 Application Zoom Vdi Vmware * * * *
13 Application Zoom Vdi Windows Meeting Client * * * *
14 Application Zoom Virtual Desktop Infrastructure * * * *
15 Application Zoom Windows Meeting Sdk * * * *
16 Application Zoom Windows Video Sdk * * * *
17 Application Zoom Zoom On-premise Meeting Connector Controller * * * *
18 Application Zoom Zoom On-premise Meeting Connector Mmr * * * *
19 Application Zoom Zoom On-premise Recording Connector * * * *
20 Application Zoom Zoom On-premise Virtual Room Connector * * * *
21 Application Zoom Zoom On-premise Virtual Room Connector Load Balancer * * * *

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Zoom Android Meeting Sdk 1
Zoom Android Video Sdk 1
Zoom Hybrid Mmr 1
Zoom Hybrid Zproxy 1
Zoom Iphone Os Meeting Sdk 1
Zoom Iphone Os Video Sdk 1
Zoom Macos Meeting Sdk 1
Zoom Macos Video Sdk 1
Zoom Meetings For Chrome Os 1
Zoom Vdi Azure Virtual Desktop 1
Zoom Vdi Citrix 1
Zoom Vdi Vmware 1
Zoom Vdi Windows Meeting Client 1
Zoom Virtual Desktop Infrastructure 1
Zoom Windows Meeting Sdk 1
Zoom Windows Video Sdk 1
Zoom Zoom On-premise Meeting Connector Controller 1
Zoom Zoom On-premise Meeting Connector Mmr 1
Zoom Zoom On-premise Recording Connector 1
Zoom Zoom On-premise Virtual Room Connector 1
Zoom Zoom On-premise Virtual Room Connector Load Balancer 1

- References For CVE-2021-34423

http://packetstormsecurity.com/files/165417/Zoom-Chat-Message-Processing-Buffer-Overflow.html
https://explore.zoom.us/en/trust/security/security-bulletin

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used 0

- Metasploit Modules Related To CVE-2021-34423

There are no Metasploit modules related to this CVE entry (visit www.metasploit.com for more information).

