CVE-2024-27244

EPSS 0.13%
Published 15.05.2024 21:15:08
Last modified 21.08.2025 16:20:43
Source security@zoom.us
Teams watchlist Login
Open Login

Insufficient verification of data authenticity in the installer for Zoom Workplace  VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Zoom ≫ Workplace Virtual Desktop Infrastructure SwPlatformwindows Version < 5.15.0

Zoom ≫ Workplace Virtual Desktop Infrastructure SwPlatformwindows Version >= 5.16.0 < 5.17.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.337

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@zoom.us	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://www.zoom.com/en/trust/security-bulletin/zsb-24015/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-27244

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27244

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27244

EUVD