CVE-2024-24691
CRITICALDescription
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
Is your site exposed to CVE-2024-24691?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| zoom | meeting_software_development_kit |
| zoom | rooms |
| zoom | vdi_windows_meeting_clients |
| zoom | vdi_windows_meeting_clients |
| zoom | vdi_windows_meeting_clients |
| zoom | zoom |
References
Frequently Asked Questions
What is CVE-2024-24691? +
How severe is CVE-2024-24691? +
What products are affected by CVE-2024-24691? +
How do I check if I'm vulnerable to CVE-2024-24691? +
Related Vulnerabilities
Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple …
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command …
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection …
SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An …
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go …
Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify …