4.3

CVE-2021-28133

EPSS 1.32%
Veröffentlicht 18.03.2021 14:15:14
Zuletzt bearbeitet 21.11.2024 05:59:09
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zoom ≫ Zoom Version <= 5.5.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.32%	0.78

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://packetstormsecurity.com/files/161897/Zoom-5.4.3-54779.1115-5.5.4-13142.0301-Information-Disclosure.html

Third Party Advisory

http://seclists.org/fulldisclosure/2021/Mar/48

Third Party Advisory

https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.html

Third Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt

Third Party Advisory

https://www.syss.de/pentest-blog/syss-2020-044-sicherheitsproblem-in-screen-sharing-funktionalitaet-von-zoom-cve-2021-28133

Third Party Advisory

https://www.youtube.com/watch?v=SonmmgQlLzg

Third Party Advisory

https://zoom.us/trust/security/security-bulletin

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-28133

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28133

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28133

EUVD