CVE Published: 15/05/2024 |
CVE Updated: 20/09/2024 |
CVE Year: 2024 Source: Zoom |
Vendor: Zoom Video Communications, Inc. |
Product: Zoom Workplace VDI App for Windows Status : PUBLISHED
CVE-2024-27244 Description
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Metrics
CVSS Version: 3.1 |
Base Score: 6.7 MEDIUM Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* LOW User Interaction (UI)* REQUIRED Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-347 CWE Name: CWE-347 Improper Verification of Cryptographic Signature Source: Zoom Video Communications, Inc.
Common Attack Pattern Enumeration and Classification (CAPEC)