Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.
History

Thu, 29 Aug 2024 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Zoom meeting Software Development Kit
CPEs cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*
Vendors & Products Zoom meeting Software Development Kit

Fri, 16 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Zoom
Zoom workplace Desktop
CPEs cpe:2.3:a:zoom_communications_inc:workplace_desktop_app:*:*:*:*:*:*:*:* cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*
Vendors & Products Zoom Communications Inc
Zoom Communications Inc workplace Desktop App
Zoom
Zoom workplace Desktop

Wed, 14 Aug 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Zoom Communications Inc
Zoom Communications Inc workplace Desktop App
CPEs cpe:2.3:a:zoom_communications_inc:workplace_desktop_app:*:*:*:*:*:*:*:*
Vendors & Products Zoom Communications Inc
Zoom Communications Inc workplace Desktop App
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
Description Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.
Title Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS - Untrusted Search Path
Weaknesses CWE-426
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Zoom

Published: 2024-08-14T16:42:48.215Z

Updated: 2024-08-16T13:18:48.409Z

Reserved: 2024-08-01T19:13:16.137Z

Link: CVE-2024-42439

cve-icon Vulnrichment

Updated: 2024-08-14T17:21:10.702Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-14T17:15:17.530

Modified: 2024-08-29T00:00:11.627

Link: CVE-2024-42439

cve-icon Redhat

No data.