Description
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
Published: 2026-06-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient verification of data authenticity in the Remote Control component of Zoom Contact Center for Windows enables an authenticated local attacker to manipulate control settings and gain higher privileges. This flaw allows a user with legitimate access to the application to execute actions that normally require elevated rights, potentially leading to unauthorized configuration changes or system compromise. The weakness is tied to CWE-345, involving the failure to verify the integrity of the data used for controlling access rights.

Affected Systems

Zoom Communications Remote Control for Zoom Contact Center on Windows versions prior to 7.0.0 are affected. Users running any older release should consider this product version vulnerable until updated.

Risk and Exploitability

The CVSS v3.1 score of 7.8 indicates a high severity for an authenticated local privilege escalation. No EPSS score is currently available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring the attacker to be logged into the system and have access to the Zoom Contact Center application. Because the flaw leverages locally privileged users, the window for exploitation is limited to environments where such users exist, but the potential impact remains considerable if privileged accounts are compromised.

Generated by OpenCVE AI on June 12, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Zoom Remote Control for Zoom Contact Center to version 7.0.0 or later for Windows to address the data authenticity check flaw.
  • If the feature is not required, disable Remote Control in the Zoom Contact Center settings to eliminate the attack surface.
  • Apply the principle of least privilege to local user accounts that can access Remote Control, ensuring only necessary permissions are granted.

Generated by OpenCVE AI on June 12, 2026 at 19:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Zoom Communications
Zoom Communications remote Control For Zoom Contact Center
Vendors & Products Zoom Communications
Zoom Communications remote Control For Zoom Contact Center

Fri, 12 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Title Authenticated Escalation via Remote Control Module in Zoom Contact Center

Fri, 12 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
Weaknesses CWE-345
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Zoom Communications Remote Control For Zoom Contact Center
cve-icon MITRE

Status: PUBLISHED

Assigner: Zoom

Published:

Updated: 2026-06-12T18:01:48.839Z

Reserved: 2026-06-09T10:12:34.854Z

Link: CVE-2026-53406

cve-icon Vulnrichment

Updated: 2026-06-12T18:01:34.600Z

cve-icon NVD

Status : Received

Published: 2026-06-12T18:16:35.457

Modified: 2026-06-12T18:16:35.457

Link: CVE-2026-53406

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:19:28Z

Weaknesses
  • CWE-345

    Insufficient Verification of Data Authenticity