CVE-2024-24690: Zoom Clients - Improper Input Validation
First published: Wed Feb 14 2024(Updated: )
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meeting SDK | <5.16.5 | |
| Zoom Rooms | <5.17.0 | |
| Zoom Client for Meetings | <5.14.14 | |
| Zoom Client for Meetings | >5.14.14<5.15.12 | |
| Zoom Client for Meetings | >5.15.12<5.16.10 | |
| Zoom Video Software Development Kit | <5.16.5 | |
| Zoom | <5.16.5 | |
| Zoom | <5.16.5 | |
| Zoom Zoom Linux kernel | <5.16.5 | |
| Zoom | <5.16.5 | |
| Zoom | <5.16.5 | |
| Zoom Desktop Client | =before version 5.16.5 | |
| Zoom VDI | =before version 5.16.10 (excluding 5.14.14 and 5.15.12) | |
| Zoom Rooms | =before version 5.17.0 | |
| Zoom SDK | =before version 5.16.5 | |
| Zoom Desktop Client | ||
| Zoom | ||
| Zoom VDI | ||
| Zoom Rooms | ||
| Zoom Meeting SDK |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2024-24690?
The severity of CVE-2024-24690 is classified based on its impact on system availability due to improper input validation leading to potential denial of service.
How do I fix CVE-2024-24690?
To fix CVE-2024-24690, upgrade your Zoom clients to versions 5.16.5 or later for desktop, 5.16.10 or later for VDI clients, and 5.17.0 or later for Zoom Rooms.
Which Zoom products are affected by CVE-2024-24690?
CVE-2024-24690 affects Zoom Desktop Client, Zoom VDI Client, Zoom Rooms Client, and Zoom Meeting SDK before their respective versions specified in the vulnerability description.
What are the potential consequences of CVE-2024-24690?
The potential consequences of CVE-2024-24690 include an authenticated user being able to disrupt the service for other users via network access.
Is there a workaround for CVE-2024-24690?
There are no official workarounds for CVE-2024-24690, and the recommended action is to upgrade to the latest versions of the affected Zoom products.
- agent/author
- agent/title
- agent/type
- agent/first-publish-date
- collector/the-register
- source/The Register
- alias/CVE-2024-24691
- alias/CVE-2024-24690
- alias/CVE-2024-24695
- alias/CVE-2024-24696
- alias/CVE-2024-24697
- alias/CVE-2024-24698
- alias/CVE-2024-24699
- agent/references
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/severity
- agent/event
- agent/trending
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/news-ai
- vendor/zoom
- canonical/zoom meeting sdk
- canonical/zoom rooms
- canonical/zoom client for meetings
- canonical/zoom video software development kit
- canonical/zoom
- canonical/zoom zoom linux kernel
- canonical/zoom desktop client
- version/zoom desktop client/before version 5.16.5
- canonical/zoom vdi
- version/zoom vdi/before version 5.16.10 (excluding 5.14.14 and 5.15.12)
- version/zoom rooms/before version 5.17.0
- canonical/zoom sdk
- version/zoom sdk/before version 5.16.5