CVE-2019-13567 - OpenCVE

The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zoom	Zoom

Configuration 1 [-]

cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*

No data.

References

Link	Providers
https://gist.github.com/wbowling/13f9f90365c171806b9ffba2c841026b
https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS
https://twitter.com/JLLeitschuh/status/1149420685405708295
https://twitter.com/JLLeitschuh/status/1149422543658520578
https://twitter.com/riskybusiness/status/1149125147019767814
https://twitter.com/wcbowling/status/1149457231504498689
https://twitter.com/wcbowling/status/1166998107667619841

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-12T03:00:51

Updated: 2024-08-04T23:57:39.254Z

Reserved: 2019-07-11T00:00:00

Link: CVE-2019-13567

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-12T04:15:10.900

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-13567

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-30T16:11:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://twitter.com/riskybusiness/status/1149125147019767814"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/JLLeitschuh/status/1149420685405708295"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/wcbowling/status/1149457231504498689"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/JLLeitschuh/status/1149422543658520578"}, {"tags": ["x_refsource_MISC"], "url": "https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/wbowling/13f9f90365c171806b9ffba2c841026b"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/wcbowling/status/1166998107667619841"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13567", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://twitter.com/riskybusiness/status/1149125147019767814", "refsource": "MISC", "url": "https://twitter.com/riskybusiness/status/1149125147019767814"}, {"name": "https://twitter.com/JLLeitschuh/status/1149420685405708295", "refsource": "MISC", "url": "https://twitter.com/JLLeitschuh/status/1149420685405708295"}, {"name": "https://twitter.com/wcbowling/status/1149457231504498689", "refsource": "MISC", "url": "https://twitter.com/wcbowling/status/1149457231504498689"}, {"name": "https://twitter.com/JLLeitschuh/status/1149422543658520578", "refsource": "MISC", "url": "https://twitter.com/JLLeitschuh/status/1149422543658520578"}, {"name": "https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS", "refsource": "MISC", "url": "https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS"}, {"name": "https://gist.github.com/wbowling/13f9f90365c171806b9ffba2c841026b", "refsource": "MISC", "url": "https://gist.github.com/wbowling/13f9f90365c171806b9ffba2c841026b"}, {"name": "https://twitter.com/wcbowling/status/1166998107667619841", "refsource": "MISC", "url": "https://twitter.com/wcbowling/status/1166998107667619841"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:57:39.254Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/riskybusiness/status/1149125147019767814"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/JLLeitschuh/status/1149420685405708295"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/wcbowling/status/1149457231504498689"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/JLLeitschuh/status/1149422543658520578"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/wbowling/13f9f90365c171806b9ffba2c841026b"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/wcbowling/status/1166998107667619841"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13567", "datePublished": "2019-07-12T03:00:51", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.254Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*", "matchCriteriaId": "D7CC6BDB-46B2-4A95-985C-A7F0674047F4", "versionEndExcluding": "4.4.53932.0709", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData."}, {"lang": "es", "value": "El Cliente Zoom anterior a versi\u00f3n 4.4.2 en macOS, permite la ejecuci\u00f3n de c\u00f3digo remota, una vulnerabilidad diferente de CVE-2019-13450. Si el demonio ZoomOpener (tambi\u00e9n conocido como el servidor web hidden) se ejecuta, pero el Cliente Zoom no est\u00e1 instalado o no se puede abrir, un atacante puede ejecutar el c\u00f3digo de remotamente con una URL de inicio maliciosamente dise\u00f1ada. NOTA: ZoomOpener es eliminada con la herramienta de eliminaci\u00f3n de malware de Apple (MRT) si esta herramienta est\u00e1 habilitada y tiene el MRTConfigData en 10-07-2019."}], "id": "CVE-2019-13567", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-12T04:15:10.900", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/wbowling/13f9f90365c171806b9ffba2c841026b"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/JLLeitschuh/status/1149420685405708295"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/JLLeitschuh/status/1149422543658520578"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/riskybusiness/status/1149125147019767814"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://twitter.com/wcbowling/status/1149457231504498689"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/wcbowling/status/1166998107667619841"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}