CVE-2024-24691: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation
First published: Wed Feb 14 2024(Updated: )
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meeting SDK | <5.16.5 | |
| Zoom Rooms | <5.17.0 | |
| Zoom Client for Meetings | <5.14.14 | |
| Zoom Client for Meetings | >5.14.14<5.15.12 | |
| Zoom Client for Meetings | >5.15.12<5.16.10 | |
| Zoom | <5.16.5 | |
| Zoom Desktop Client | =before version 5.16.5 | |
| Zoom Client for Meetings | =before version 5.16.10 (excluding 5.14.14 and 5.15.12) | |
| Zoom Rooms | =before version 5.17.0 | |
| Zoom Zoom Meeting SDK | =before version 5.16.5 | |
| Zoom Desktop Client | ||
| Zoom Zoom mobile apps | ||
| Zoom Client for Meetings | ||
| Zoom Rooms | ||
| Zoom Zoom Meeting SDK |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2024-24691?
CVE-2024-24691 is considered a critical vulnerability due to its potential for privilege escalation by unauthenticated users.
How do I fix CVE-2024-24691?
To fix CVE-2024-24691, it is essential to update the affected Zoom products to the latest versions that are not vulnerable.
Which versions are affected by CVE-2024-24691?
CVE-2024-24691 affects Zoom Desktop Client versions before 5.16.5, Zoom VDI Client before 5.16.10, and Zoom Rooms before 5.17.0.
Can CVE-2024-24691 be exploited remotely?
Yes, CVE-2024-24691 can be exploited remotely via network access by an unauthenticated user.
Who is affected by CVE-2024-24691?
Users of the affected Zoom software on Windows platforms are at risk of exploitation due to CVE-2024-24691.
- agent/author
- agent/title
- agent/type
- agent/first-publish-date
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-24691
- collector/the-register
- source/The Register
- alias/CVE-2024-24690
- alias/CVE-2024-24695
- alias/CVE-2024-24696
- alias/CVE-2024-24697
- alias/CVE-2024-24698
- alias/CVE-2024-24699
- agent/references
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/description
- agent/severity
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/news-ai
- vendor/zoom
- canonical/zoom meeting sdk
- canonical/zoom rooms
- canonical/zoom client for meetings
- canonical/zoom
- canonical/zoom desktop client
- version/zoom desktop client/before version 5.16.5
- version/zoom client for meetings/before version 5.16.10 (excluding 5.14.14 and 5.15.12)
- version/zoom rooms/before version 5.17.0
- canonical/zoom zoom meeting sdk
- version/zoom zoom meeting sdk/before version 5.16.5
- canonical/zoom zoom mobile apps