CVE-2018-15715

Exploit

EPSS 1.27%
Veröffentlicht 30.11.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:51:19
Quelle vulnreport@tenable.com
Teams Watchlist Login
Unerledigt Login

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zoom ≫ Zoom SwPlatformlinux Version <= 2.4.129780.0915

Zoom ≫ Zoom SwPlatformmac_os_x Version < 4.1.34801.1116

Zoom ≫ Zoom SwPlatformwindows Version < 4.1.34814.1119

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.27%	0.787

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://www.tenable.com/security/research/tra-2018-40

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-15715

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15715

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15715

EUVD