Zoom Desktop Client <5.17.10 PrivEsc via Installer on Windows
CVE-2024-24694 Published on April 9, 2024

Zoom Desktop Client for Windows - Improper Privilege Management
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.

NVD

Vulnerability Analysis

CVE-2024-24694 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

Improper Verification of Cryptographic Signature

The software does not verify, or incorrectly verifies, the cryptographic signature for data.


Products Associated with CVE-2024-24694

Want to know whenever a new CVE is published for Zoom? stack.watch will email you.

Zoom
 

Affected Versions

Zoom Video Communications, Inc. Zoom Desktop Client for Windows: zoom workplace_desktop:

Exploit Probability

EPSS
0.03%
Percentile
9.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.