CyberSec.Space Logo
Back to CVE Browser

CVE-2018-15715

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile31.83th
PublishedNov 30, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.

Affected Platforms (CPE)

📦
Zoom

Zoom

<= 2.4.129780.0915
📦
Zoom

Zoom

< 4.1.34801.1116
📦
Zoom

Zoom

< 4.1.34814.1119

References & Advisories

🔗 https://www.tenable.com/security/research/tra-2018-40
🔗 https://www.tenable.com/security/research/tra-2018-40

Related Vulnerabilities

CVE-2004-068010.0

Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the...

CVE-2019-1981010.0

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote un...

CVE-2019-162739.8

DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitra...

CVE-2018-204019.8

Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4....