Zoom Rooms
By the Year
In 2024 there have been 14 vulnerabilities in Zoom Rooms with an average score of 6.0 out of ten. Last year Rooms had 27 security vulnerabilities published. Right now, Rooms is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 1.43
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 14 | 6.01 |
2023 | 27 | 7.44 |
2022 | 6 | 7.13 |
2021 | 2 | 7.80 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Rooms vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Zoom Rooms Security Vulnerabilities
Protection mechanism failure for some Zoom Workplace Apps and SDKs may
CVE-2024-39818
6.5 - Medium
- August 14, 2024
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.
Insufficiently Protected Credentials
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may
CVE-2024-42441
6.7 - Medium
- August 14, 2024
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may
CVE-2024-42440
6.7 - Medium
- August 14, 2024
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-42438
6.5 - Medium
- August 14, 2024
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
Memory Corruption
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-42437
6.5 - Medium
- August 14, 2024
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
Memory Corruption
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-42436
6.5 - Medium
- August 14, 2024
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
Memory Corruption
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-42435
4.9 - Medium
- August 14, 2024
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may
CVE-2024-39825
8.5 - High
- August 14, 2024
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
Memory Corruption
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-39824
4.9 - Medium
- August 14, 2024
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-39823
4.9 - Medium
- August 14, 2024
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-39822
6.5 - Medium
- August 14, 2024
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may
CVE-2024-42434
4.9 - Medium
- August 14, 2024
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may
CVE-2024-24693
5.5 - Medium
- March 13, 2024
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may
CVE-2024-24692
4.7 - Medium
- March 13, 2024
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
TOCTTOU
Link following in Zoom Rooms for macOS before version 5.16.0 may
CVE-2023-43590
7.8 - High
- November 15, 2023
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
insecure temporary file
Improper authorization in some Zoom clients may
CVE-2023-43582
8.8 - High
- November 15, 2023
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
authentification
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may
CVE-2023-43591
7.8 - High
- November 15, 2023
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
Cryptographic issues with In-Meeting Chat for some Zoom clients may
CVE-2023-39199
6.5 - Medium
- November 14, 2023
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may
CVE-2023-39202
5.5 - Medium
- November 14, 2023
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.
Untrusted Path
Buffer overflow in some Zoom clients may
CVE-2023-39204
7.5 - High
- November 14, 2023
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
Classic Buffer Overflow
Buffer overflow in some Zoom clients may
CVE-2023-39206
7.5 - High
- November 14, 2023
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
Classic Buffer Overflow
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may
CVE-2023-39214
8.1 - High
- August 08, 2023
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
Exposure of Resource to Wrong Sphere
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may
CVE-2023-39211
7.8 - High
- August 08, 2023
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.
Improper Privilege Management
Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may
CVE-2023-39212
5.5 - Medium
- August 08, 2023
Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.
Untrusted Path
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may
CVE-2023-39218
4.9 - Medium
- August 08, 2023
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may
CVE-2023-36535
6.5 - Medium
- August 08, 2023
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
Buffer overflow in Zoom Clients before 5.14.5 may
CVE-2023-36532
7.5 - High
- August 08, 2023
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
Memory Corruption
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may
CVE-2023-34118
7.8 - High
- July 11, 2023
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may
CVE-2023-34119
7.8 - High
- July 11, 2023
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
Exposure of Resource to Wrong Sphere
Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may
CVE-2023-36536
7.8 - High
- July 11, 2023
Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
Untrusted Path
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may
CVE-2023-36537
7.8 - High
- July 11, 2023
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
Improper access control in Zoom Rooms for Windows before version 5.15.0 may
CVE-2023-36538
7.8 - High
- July 11, 2023
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
CVE-2023-36539
7.5 - High
- June 30, 2023
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
Inadequate Encryption Strength
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may
CVE-2023-34121
8.8 - High
- June 13, 2023
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability
CVE-2023-28597
7.5 - High
- March 27, 2023
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zooms web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
Zoom for Windows clients before version 5.13.3
CVE-2023-22880
7.5 - High
- March 16, 2023
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsofts online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsofts telemetry behavior.
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism
CVE-2022-36925
7.8 - High
- January 09, 2023
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.
Use of Hard-coded Credentials
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability
CVE-2022-36930
7.8 - High
- January 09, 2023
Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability
CVE-2022-36929
7.8 - High
- January 09, 2023
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability
CVE-2022-36927
7.8 - High
- January 09, 2023
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability
CVE-2022-36926
7.8 - High
- January 09, 2023
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability
CVE-2022-28766
7.3 - High
- November 17, 2022
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
DLL preloading
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability
CVE-2022-36924
7.8 - High
- November 17, 2022
The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.
DLL preloading
The Zoom Client for Meetings (for Android
CVE-2022-28764
3.3 - Low
- November 14, 2022
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
Insufficient Cleanup
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability
CVE-2022-28752
7.8 - High
- August 17, 2022
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.
The Zoom Opener installer is downloaded by a user
CVE-2022-22788
7.8 - High
- June 15, 2022
The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victims host.
DLL preloading
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0
CVE-2022-22786
8.8 - High
- May 18, 2022
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.
Download of Code Without Integrity Check
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges
CVE-2021-34411
7.8 - High
- September 27, 2021
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.
Improper Privilege Management
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0
CVE-2021-34409
7.8 - High
- September 27, 2021
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Zoom Screen Sharing or by Zoom? Click the Watch button to subscribe.