CVE-2021-20610 vulnerability in Zoom Products
Published on December 1, 2021

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC iQ-R Series R12CCPU-V, MELSEC Q Series Q03UDECPU, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU, MELSEC Q Series Q03/04/06/13/26UDVCPU, MELSEC Q Series Q04/06/13/26UDPVCPU, MELSEC Q Series Q12DCCPU-V, MELSEC Q Series Q24DHCCPU-V(G), MELSEC Q Series Q24/26DHCCPU-LS, MELSEC Q Series MR-MQ100, MELSEC Q Series Q172/173DCPU-S1, MELSEC Q Series Q172/173DSCPU, MELSEC Q Series Q170MCPU, MELSEC Q Series Q170MSCPU(-S1), MELSEC L Series L02/06/26CPU(-P), MELSEC L Series L26CPU-(P)BT and MELIPC Series MI5122-VW allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2021-20610 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Type

What is a length manipulation Vulnerability?

The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.

CVE-2021-20610 has been classified to as a length manipulation vulnerability or weakness.

Products Associated with CVE-2021-20610

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-20610 are published in these products:

Zoom Meetings For Chrome Os

Zoom Virtual Desktop Infrastructure

Zoom Android Meeting Sdk

Zoom Iphone Os Meeting Sdk

Zoom Macos Meeting Sdk

Zoom Windows Meeting Sdk

Zoom Android Video Sdk

Zoom Iphone Os Video Sdk

Zoom Macos Video Sdk

Zoom Windows Video Sdk

Zoom Hybrid Mmr

Zoom Hybrid Zproxy

Zoom On Premise Meeting Connector Controller

Zoom On Premise Meeting Connector Mmr

Zoom On Premise Recording Connector

Zoom On Premise Virtual Room Connector

Zoom On Premise Virtual Room Connector Load Balancer

Zoom Vdi Azure Virtual Desktop

Zoom Vdi Citrix

Zoom Vdi Vmware

Zoom Vdi Windows Meeting Client

Affected Versions

Mitsubishi Electric Corporation MELSEC iQ-R Series R00CPU:

Version Firmware versions "24" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R01CPU:

Version Firmware versions "24" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R02CPU:

Version Firmware versions "24" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R04CPU:

Version Firmware versions "57" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R08CPU:

Version Firmware versions "57" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R16CPU:

Version Firmware versions "57" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R32CPU:

Version Firmware versions "57" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R120CPU:

Version Firmware versions "57" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R04ENCPU:

Version Firmware versions "57" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R08ENCPU:

Version Firmware versions "57" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R16ENCPU:

Version Firmware versions "57" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R32ENCPU:

Version Firmware versions "57" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R120ENCPU:

Version Firmware versions "57" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R08SFCPU:

Version Firmware versions "26" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R16SFCPU:

Version Firmware versions "26" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R32SFCPU:

Version Firmware versions "26" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R120SFCPU:

Version Firmware versions "26" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R08PCPU:

Version Firmware versions "29" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R16PCPU:

Version Firmware versions "29" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R32PCPU:

Version Firmware versions "29" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R120PCPU:

Version Firmware versions "29" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R08PSFCPU:

Version Firmware versions "08" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R16PSFCPU:

Version Firmware versions "08" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R32PSFCPU:

Version Firmware versions "08" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R120PSFCPU:

Version Firmware versions "08" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R16MTCPU:

Version Operating system software version "23" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R32MTCPU:

Version Operating system software version "23" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R64MTCPU:

Version Operating system software version "23" and prior is affected.

Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V:

Version Firmware versions "16" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q03UDECPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q04UDEHCPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q06UDEHCPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q10UDEHCPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q13UDEHCPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q20UDEHCPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q26UDEHCPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q50UDEHCPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q100UDEHCPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q03UDVCPU:

Version The first 5 digits of serial No. "23071" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q04UDVCPU:

Version The first 5 digits of serial No. "23071" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q06UDVCPU:

Version The first 5 digits of serial No. "23071" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q13UDVCPU:

Version The first 5 digits of serial No. "23071" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q26UDVCPU:

Version The first 5 digits of serial No. "23071" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q04UDPVCPU:

Version The first 5 digits of serial No. "23071" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q06UDPVCPU:

Version The first 5 digits of serial No. "23071" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q13UDPVCPU:

Version The first 5 digits of serial No. "23071" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q26UDPVCPU:

Version The first 5 digits of serial No. "23071" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q12DCCPU-V:

Version The first 5 digits of serial No. "24031" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q24DHCCPU-V:

Version The first 5 digits of serial No. "24031" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q24DHCCPU-VG:

Version The first 5 digits of serial No. "24031" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q24DHCCPU-LS:

Version The first 5 digits of serial No. "24031" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q26DHCCPU-LS:

Version The first 5 digits of serial No. "24031" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series MR-MQ100:

Version Operating system software version "F" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q172DCPU-S1:

Version Operating system software version "W" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q173DCPU-S1:

Version Operating system software version "W" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q172DSCPU:

Version Operating system software version "Y" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q173DSCPU:

Version Operating system software version "Y" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q170MCPU:

Version Operating system software version "W" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q170MSCPU:

Version Operating system software version "Y" and prior is affected.

Mitsubishi Electric Corporation MELSEC Q Series Q170MSCPU-S1:

Version Operating system software version "Y" and prior is affected.

Mitsubishi Electric Corporation MELSEC L Series L02CPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC L Series L06CPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC L Series L26CPU:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC L Series L02CPU-P:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC L Series L06CPU-P:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC L Series L26CPU-P:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC L Series L26CPU-BT:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELSEC L Series L26CPU-PBT:

Version The first 5 digits of serial No. "23121" and prior is affected.

Mitsubishi Electric Corporation MELIPC Series MI5122-VW:

Version Firmware versions "05" and prior is affected.

Exploit Probability

EPSS

0.66%

Percentile

70.83%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-20610 vulnerability in Zoom ProductsPublished on December 1, 2021

Vulnerability Analysis

Weakness Type

What is a length manipulation Vulnerability?

Products Associated with CVE-2021-20610

Affected Versions

Exploit Probability

CVE-2021-20610 vulnerability in Zoom Products
Published on December 1, 2021