Cloud video conferencing provider Zoom has released patches for multiple vulnerabilities in its product that could have allowed criminals to intercept data from meetings and attack customer infrastructure.

The now-patched vulnerabilities could have enabled attackers to obtain server access with maximum privileges and navigate further on the company's network, as well as compromise the Zoom software's functionality, making it impossible for victims to hold conferences.

In a Thursday security bulletin, Zoom released multiple patches for its product. The most serious flaw, rated as high with a CVSS score of 7.9, was in the network proxy page on the web portal for products such as Zoom On-Premise Meeting Connector Controller, Zoom On-Premise Meeting Connector MMR, Zoom On-Premise Recording Connector, Zoom On-Premise Virtual Room Connector and Zoom On-Premise Virtual Room Connector Load Balancer. The vulnerability, tracked as CVE-2021-34417, is a failure to validate input sent in requests to set the network proxy password, which could lead to remote command injection by a web portal administrator.

The second vulnerability, tracked as CVE-2021-34422, is rated high with a CVSS score of 7.2 and affects the Keybase Client for Windows, which contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. "A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution," Zoom states.

Lower-Rated Vulnerabilities

Another significant patch issued was for a Zoom Windows installation executable signature bypass flaw, which is rated as medium and has a CVSS score of 4.7. The vulnerability, tracked as CVE-2021-34420, affects all Zoom Client for Meetings for Windows before version 5.5.4. "The Zoom Client for Meetings for Windows installer does not verify the signature of files with .bat extensions, which could lead to a threat actor installing malicious software on a victim's computer," Zoom notes.

The other patch issued by Zoom addresses a pre-auth null pointer crash vulnerability in the on-premise web console, which is tracked as CVE-2021-34418 and is rated medium with a CVSS score of 4.0.
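For the Keybase file-name issue described above (CVE-2021-34422), the following is an added example, not Keybase's or Zoom's code, of validating an uploaded file name before it is joined to a shared-folder path on Windows. The function names, the sample folder path and the specific rejection rules are assumptions for illustration; the bulletin quoted here does not say what the crafted name looked like.

```python
from pathlib import PureWindowsPath

# Device names Windows treats specially regardless of extension.
_RESERVED = {"CON", "PRN", "AUX", "NUL"}
_RESERVED |= {f"COM{i}" for i in range(1, 10)} | {f"LPT{i}" for i in range(1, 10)}
# Separators, drive/stream marker (:) and other characters invalid in a file name.
_FORBIDDEN = set('<>:"/\\|?*')


class UnsafeFileName(ValueError):
    """Raised when an uploaded name is not a single plain file name."""


def safe_upload_name(name: str) -> str:
    """Hypothetical helper: return name unchanged if safe, raise otherwise."""
    if not name or name in {".", ".."}:
        raise UnsafeFileName("empty or dot-only name")
    if any(ch in _FORBIDDEN or ord(ch) < 32 for ch in name):
        raise UnsafeFileName("separator, stream marker or control character")
    if name != name.rstrip(" ."):
        # Windows strips trailing dots/spaces, so the stored name would differ.
        raise UnsafeFileName("trailing dot or space")
    if name.split(".")[0].upper() in _RESERVED:
        raise UnsafeFileName("reserved device name")
    return name


def destination(shared_root: str, name: str) -> PureWindowsPath:
    """Join a validated name to the shared folder and confirm containment."""
    root = PureWindowsPath(shared_root)
    dest = root / safe_upload_name(name)
    if dest.parent != root:  # defence in depth after validation
        raise UnsafeFileName("destination escapes the shared folder")
    return dest


def is_safe(name: str) -> bool:
    """Boolean wrapper used for logging or pre-checks."""
    try:
        safe_upload_name(name)
        return True
    except UnsafeFileName:
        return False


if __name__ == "__main__":
    # Constructed sample names, not taken from the bulletin.
    for sample in ["report.pdf", "..\\..\\x.exe", "a/b.txt", "nul.txt", "n.txt:s"]:
        print(f"{sample!r}: {'accept' if is_safe(sample) else 'reject'}")
```

Rejecting a name outright, rather than trying to sanitize it, avoids storing a file under a name different from the one the uploader and other folder members see.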