CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-15715

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile31.83th
Published2018年11月30日
Last Modified2024年11月21日

Vulnerability Description

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.

Affected Platforms (CPE)

📦
Zoom

Zoom

<= 2.4.129780.0915
📦
Zoom

Zoom

< 4.1.34801.1116
📦
Zoom

Zoom

< 4.1.34814.1119

References & Advisories

🔗 https://www.tenable.com/security/research/tra-2018-40
🔗 https://www.tenable.com/security/research/tra-2018-40

相关漏洞威胁

CVE-2004-068010.0

Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the...

CVE-2019-1981010.0

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote un...

CVE-2019-162739.8

DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitra...

CVE-2018-204019.8

Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4....

CVE-2018-15715 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space