CVE-2021-33907 Vulnerability Details

  /     /     /  

CVE-2021-33907 Metadata Quick Info

CVE Published: 27/09/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: Zoom | Vendor: n/a | Product: Zoom Client for Meetings for Windows
Status : PUBLISHED

---

CVE-2021-33907 Description

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Improper Verification of Crypto Signature
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).