CVE-2019-13449: Input Validation
First published: Tue Jul 09 2019(Updated: )
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Zoom | <4.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://assets.zoom.us/docs/pdf/Zoom+Response+Video-On+Vulnerability.pdf
- https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/
- https://bugs.chromium.org/p/chromium/issues/detail?id=951540
- https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
- https://twitter.com/zoom_us/status/1148710712241295361
Frequently Asked Questions
What is the vulnerability ID of this Zoom vulnerability?
The vulnerability ID of this Zoom vulnerability is CVE-2019-13449.
What is the severity of CVE-2019-13449?
The severity of CVE-2019-13449 is medium with a CVSS score of 6.5.
How does the Zoom vulnerability CVE-2019-13449 affect macOS?
CVE-2019-13449 in Zoom can cause a denial of service (continual focus grabs) on macOS.
How can remote attackers exploit CVE-2019-13449 in Zoom?
Remote attackers can exploit CVE-2019-13449 in Zoom by sending a sequence of invalid requests to localhost port 19421.
Is there a fix available for Zoom vulnerability CVE-2019-13449?
Yes, the fix for Zoom vulnerability CVE-2019-13449 is to update the Zoom Client to version 4.4.2 or later.
- collector/nvd-index
- vendor/zoom
- canonical/zoom zoom