CVE-2024-27240— Zoom Apps for Windows - Improper Input Validation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-27240
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zoom Apps for Windows - Improper Input Validation
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Zoom产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zoom Rooms和Zoom Workplace都是美国Zoom公司的产品。Zoom Rooms是一个基于软件的会议系统。允许在固定终端上进行网络会议的系统,类似于传统的视频会议系统。Zoom Workplace是一个桌面应用软件。 多款Zoom产品存在安全漏洞,该漏洞源于安装程序中存在不正确的输入验证,允许攻击者通过本地访问进行权限升级。受影响产品及版本如下:Zoom Workplace Desktop App 6.0.0之前版本、Zoom Workplace VDI Plug-in 5.17.13之
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Apps for Windows | See references | - |
II. Public POCs for CVE-2024-27240
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-27240
请登录查看更多情报信息。
Same Patch Batch · Zoom Communications, Inc · 2024-07-15 · 8 CVEs total
| CVE-2024-27238 | 7.1 HIGH | Zoom Apps and SDKs - Race Condition |
| CVE-2024-39826 | 6.8 MEDIUM | Zoom Workplace Apps and SDKs - Path traversal |
| CVE-2024-39819 | 6.7 MEDIUM | Zoom Workplace Apps and SDK for Windows - Improper Privilege Management |
| CVE-2024-39821 | 6.6 MEDIUM | Zoom Workplace App for Windows and Zoom Rooms App for Windows - Race Condition |
| CVE-2024-39820 | 6.6 MEDIUM | Zoom Workplace Desktop App for macOS - Uncontrolled Search Path Element |
| CVE-2024-39827 | 5.5 MEDIUM | Zoom Workplace Desktop App for Windows - Improper Input Validation |
| CVE-2024-27241 | 5.3 MEDIUM | Zoom Apps and SDKs - Improper Input Validation |
IV. Related Vulnerabilities
Same vendor: Zoom Communications, Inc
- CVE-2025-58131
Zoom Workplace VDI Plugin macOS Universal installer for VMwa - CVE-2025-58135
Zoom Workplace Clients for Windows - Improper Action Enforce - CVE-2025-58134
Zoom Workplace Clients for Windows - Incorrect Authorization - CVE-2025-49461
Zoom Workplace Clients - Cross-site Scripting - CVE-2025-49460
Zoom Workplace Clients - Argument Injection
Same weakness: CWE-20
V. Comments for CVE-2024-27240
No comments yet