CVE-2021-34412
Description
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.118
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2020-11876, CVE-2020-11877, CVE-2021-33907, CVE-2021-34408 and CVE-2021-34412 affect Zoom 4.6.11 | Windows |
| CVE-2020-11876, CVE-2020-11877, CVE-2021-33907, CVE-2021-34408 and CVE-2021-34412 affect Zoom 4.6.11 (x64) | Windows |
| CVE-2021-34412 is fixed in Zoom (x64) (5.15.7.20303) | Windows |
| CVE-2021-34412 is fixed in Zoom (5.15.7.20303) | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-314045 | Zoom (5.0.23502.0430) |
| PATCH-319772 | Zoom (x64) (5.6.6.961) |
| PATCH-332244 | Zoom (x64) (5.15.7.20303) |
| PATCH-332243 | Zoom (5.15.7.20303) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234