CVE-2019-13450
Description
In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.185
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Zoom 4.4.4 | Windows |
| Vulnerabilities CVE-2019-13450 are affected in RingCentral for Mac 7.0.136380.0312 | Mac |
| Vulnerabilities CVE-2019-13450 are affected in Zoom for MAC (Apple Silicon) 4.4.2 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-309526 | Zoom (4.4.52570.0415) |
| PATCH-611927 | RingCentral For Mac (Apple Silicon) (25.3.2016.1118) |
| PATCH-611910 | Zoom IT for MAC (Apple Silicon) (6.5.12.63499) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234