CVE-2024-42441

EPSS 0.24%
Veröffentlicht 14.08.2024 17:15:17
Zuletzt bearbeitet 02.10.2025 21:16:00
Quelle security@zoom.us
CVE-Watchlists
Login
Unerledigt
Login

Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Incorrect Privilege Assignment

Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zoom ≫ Meeting Software Development Kit SwPlatformmacos Version < 6.1.5

Zoom ≫ Rooms SwPlatformmacos Version < 6.1.5

Zoom ≫ Workplace Desktop SwPlatformmacos Version < 6.1.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@zoom.us	6.2	0.3	5.9	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://www.zoom.com/en/trust/security-bulletin/zsb-24034

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-42441

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42441

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42441

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-42441