CVE-2021-34418: Pre-auth Null pointer crash in on-premise web console
First published: Thu Nov 11 2021(Updated: )
The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating. This could lead to a crash of the login service.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Zoom On-premise Meeting Connector Controller | <4.6.239.20200613 | |
| Zoom Zoom On-premise Meeting Connector Mmr | <4.6.239.20200613 | |
| Zoom Zoom On-premise Recording Connector | <3.8.42.20200905 | |
| Zoom Zoom On-premise Virtual Room Connector | <4.4.6344.20200612 | |
| Zoom Zoom On-premise Virtual Room Connector Load Balancer | <2.5.5492.20200616 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Zoom On-Premise Meeting Connector issue?
The vulnerability ID for this Zoom On-Premise Meeting Connector issue is CVE-2021-34418.
What is the severity of CVE-2021-34418?
The severity of CVE-2021-34418 is medium with a CVSS score of 5.3.
Which software versions are affected by CVE-2021-34418?
The affected software versions are Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616.
How can I fix the Zoom On-Premise Meeting Connector vulnerability (CVE-2021-34418)?
To fix the vulnerability, you should update your Zoom On-Premise Meeting Connector to version 4.6.239.20200613 or higher.
Where can I find more information about CVE-2021-34418?
You can find more information about CVE-2021-34418 in the Zoom security bulletin at https://explore.zoom.us/en/trust/security/security-bulletin.
- collector/nvd-index
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/last-modified-date
- agent/type
- agent/description
- agent/tags
- agent/event
- vendor/zoom
- canonical/zoom zoom on-premise meeting connector controller
- canonical/zoom zoom on-premise meeting connector mmr
- canonical/zoom zoom on-premise recording connector
- canonical/zoom zoom on-premise virtual room connector
- canonical/zoom zoom on-premise virtual room connector load balancer