CVE-2021-30480

Sažetak

Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.

Reference

https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/
https://twitter.com/thezdi/status/1379859851061395459
https://www.securityweek.com/200000-awarded-zero-click-zoom-exploit-pwn2own
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/zoom-zero-day-discovery-makes-calls-safer-hackers-200000-richer/
https://zoom.us/feature/messaging
https://twitter.com/thezdi/status/1379855435730149378
https://www.zerodayinitiative.com/advisories/ZDI-21-971/
https://explore.zoom.us/en/trust/security/security-bulletin/
https://sector7.computest.nl/post/2021-08-zoom/

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

21-09-2021 - 17:46

Objavljeno

09-04-2021 - 23:15