CVE-2024-45418

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-24040/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:meeting_software_development_kit::::::macos::*
	cpe:2.3:a:zoom:rooms::::::macos::*
	cpe:2.3:a:zoom:video_software_development_kit::::::macos::*
	cpe:2.3:a:zoom:workplace_desktop::::::macos::*

History

No history.

Information

Published : 2025-02-25 20:15

Updated : 2025-03-04 17:36

NVD link : CVE-2024-45418

Mitre link : CVE-2024-45418

CVE.ORG link : CVE-2024-45418

JSON object : View

Products Affected

zoom

meeting_software_development_kit
video_software_development_kit
workplace_desktop
rooms

CWE

CWE-61

UNIX Symbolic Link (Symlink) Following

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2024-45418", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-02-25T20:15:35.223", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24040/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-61"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access."}, {"lang": "es", "value": "El enlace simb\u00f3lico que sigue en el instalador de algunas aplicaciones de Zoom para macOS anteriores a la versi\u00f3n 6.1.5 puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso a la red."}], "lastModified": "2025-03-04T17:36:43.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "93A03433-CCF8-4E19-89B4-18368847FB8F", "versionEndExcluding": "6.1.5"}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "66BFFFB3-351E-43CE-B005-D24AB48B9584", "versionEndExcluding": "6.1.5"}, {"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "9B503B69-9BC0-4B91-BED9-0F2B5ACC0EC4", "versionEndExcluding": "6.1.5"}, {"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF", "versionEndExcluding": "6.1.5"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}