CVE-2021-34424

Q: What is the severity of CVE-2021-34424?

CVE-2021-34424 has a CVSS score of 7.5 (HIGH). This vulnerability in Zoom clients and servers allows attackers to read arbitrary memory contents, potentially exposing sensitive information like session tokens, passwords, or encryption keys. It affects Zoom's desktop clients, mobile apps, meeting SDKs, VDI plugins, and on-premise components across all major operating systems. The memory exposure could lead to information disclosure that facilitates further attacks.

7.5 HIGH

📋 TL;DR

This vulnerability in Zoom clients and servers allows attackers to read arbitrary memory contents, potentially exposing sensitive information like session tokens, passwords, or encryption keys. It affects Zoom's desktop clients, mobile apps, meeting SDKs, VDI plugins, and on-premise components across all major operating systems. The memory exposure could lead to information disclosure that facilitates further attacks.

💻 Affected Systems

Products:

Zoom Client for Meetings
Zoom Client for Meetings for Blackberry
Zoom Client for Meetings for Intune
Zoom Client for Meetings for Chrome OS
Zoom Rooms for Conference Room
Controllers for Zoom Rooms
Zoom VDI Windows Meeting Client
Zoom VDI Azure Virtual Desktop Plugins
Zoom VDI Citrix Plugins
Zoom VDI VMware Plugins
Zoom Meeting SDK
Zoom Video SDK
Zoom on-premise Meeting Connector
Zoom on-premise Meeting Connector MMR
Zoom on-premise Recording Connector
Zoom on-premise Virtual Room Connector
Zoom on-premise Virtual Room Connector Load Balancer
Zoom Hybrid Zproxy
Zoom Hybrid MMR

Versions: Various versions before 5.8.4 for most clients, with specific version thresholds for different components as listed in the description

Operating Systems: Android, iOS, Linux, macOS, Windows, Chrome OS, various VDI platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Affects both cloud and on-premise deployments across Zoom's entire product ecosystem

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could extract authentication tokens, encryption keys, or sensitive user data from memory, leading to account compromise, meeting hijacking, or data breaches.

🟠

Likely Case

Information leakage that could reveal session information, partial credentials, or system details that aid in reconnaissance for further attacks.

🟢

If Mitigated

Limited exposure of non-sensitive memory regions with minimal impact if proper network segmentation and access controls are implemented.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof-of-concept code is publicly available, making exploitation straightforward for attackers with network access to vulnerable systems

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Zoom Client 5.8.4+, various other component-specific versions as listed in description

Vendor Advisory: https://explore.zoom.us/en/trust/security/security-bulletin

Restart Required: Yes

Instructions:

1. Identify all Zoom installations in your environment. 2. Update Zoom Client for Meetings to version 5.8.4 or later. 3. Update Zoom Rooms to version 5.8.3 or later. 4. Update all other affected components to their respective patched versions. 5. Restart systems after updates. 6. Verify updates completed successfully.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Zoom services to trusted networks only

Disable Unnecessary Features

all

Disable Zoom features not required for business operations to reduce attack surface

🧯 If You Can't Patch

Implement strict network access controls to limit exposure to trusted networks only
Monitor for unusual memory access patterns or information leakage in network traffic

🔍 How to Verify

Check if Vulnerable:

Check Zoom client version in application settings or via command line: On Windows: 'zoom.exe --version', On macOS: '/Applications/zoom.us.app/Contents/Info.plist' or 'defaults read /Applications/zoom.us.app/Contents/Info.plist CFBundleShortVersionString', On Linux: Check package version via package manager

Check Version:

Windows: zoom.exe --version, macOS: defaults read /Applications/zoom.us.app/Contents/Info.plist CFBundleShortVersionString, Linux: dpkg -l | grep zoom or rpm -qa | grep zoom

Verify Fix Applied:

Confirm version is at or above: Zoom Client 5.8.4, Zoom Rooms 5.8.3, and other component-specific patched versions

📡 Detection & Monitoring

Log Indicators:

Unusual memory access patterns
Multiple failed memory read attempts
Unexpected process memory dumps

Network Indicators:

Unusual traffic to Zoom services from untrusted sources
Patterns suggesting memory scraping

SIEM Query:

source="zoom*" AND (event_type="memory_access" OR event_type="process_dump")

📊 Metadata

CVE ID: CVE-2021-34424

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-125

Published: November 24, 2021

Last Updated: November 21, 2024

🔗 References

http://packetstormsecurity.com/files/165419/Zoom-MMR-Server-Information-Leak.html Third Party Advisory,VDB Entry
https://explore.zoom.us/en/trust/security/security-bulletin Vendor Advisory
http://packetstormsecurity.com/files/165419/Zoom-MMR-Server-Information-Leak.html Third Party Advisory,VDB Entry
https://explore.zoom.us/en/trust/security/security-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Android Meeting Sdk by Zoom

Android Video Sdk by Zoom

Controllers For Zoom Rooms by Zoom

Controllers For Zoom Rooms by Zoom

Controllers For Zoom Rooms by Zoom

Hybrid Mmr by Zoom

Hybrid Zproxy by Zoom

Iphone Os Meeting Sdk by Zoom

Iphone Os Video Sdk by Zoom

Macos Meeting Sdk by Zoom

Macos Video Sdk by Zoom

Meetings by Zoom

Meetings by Zoom

Meetings by Zoom

Meetings by Zoom

Meetings by Zoom

Meetings For Blackberry by Zoom

Meetings For Blackberry by Zoom

Meetings For Chrome Os by Zoom

Meetings For Intune by Zoom

Meetings For Intune by Zoom

Rooms For Conference Rooms by Zoom

Rooms For Conference Rooms by Zoom

Rooms For Conference Rooms by Zoom

Vdi Azure Virtual Desktop by Zoom

Vdi Citrix by Zoom

Vdi Vmware by Zoom

Virtual Desktop Infrastructure by Zoom

Windows Meeting Sdk by Zoom

Windows Video Sdk by Zoom

Zoom On Premise Meeting Connector Controller by Zoom

Zoom On Premise Meeting Connector Mmr by Zoom

Zoom On Premise Recording Connector by Zoom

Zoom On Premise Virtual Room Connector by Zoom

Zoom On Premise Virtual Room Connector Load Balancer by Zoom

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Disable Unnecessary Features

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities