CVE-2024-45421
Published: 25 February 2025
Description
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
Security Summary
CVE-2024-45421 is a buffer overflow vulnerability, associated with CWE-122 and CWE-119, affecting some Zoom Apps. Published on 2025-02-25T20:15:35.400, it carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). The high severity reflects a network attack vector, low privilege requirements, no user interaction, and a scope change with high impact on confidentiality, integrity, and availability.
An authenticated user with low privileges (PR:L) can exploit this vulnerability over the network (AV:N), although attack complexity is high (AC:H). Successful exploitation enables escalation of privilege, with potentially high impact on confidentiality, integrity, and availability within a changed scope (S:C).
Zoom's security bulletin ZSB-24043, available at https://www.zoom.com/en/trust/security-bulletin/zsb-24043/, provides further details on the vulnerability and associated mitigations or patches.
Details
- CWE(s)