CVE-2024-24691

9.6 CRITICAL

📋 TL;DR

This vulnerability allows an unauthenticated attacker on the same network to escalate privileges on Windows systems running affected Zoom software. It affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. Attackers can potentially gain elevated system access without authentication.

💻 Affected Systems

Products:
  • Zoom Desktop Client for Windows
  • Zoom VDI Client for Windows
  • Zoom Meeting SDK for Windows
Versions: Prior to 5.17.10
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Zoom products on Windows are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with administrative privileges, allowing installation of malware, data theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive files, system configuration changes, or persistence mechanisms.

🟢 If Mitigated

Limited impact if network segmentation prevents unauthenticated network access to vulnerable systems.

🌐 Internet-Facing: MEDIUM - Requires network access but unauthenticated exploitation is possible if vulnerable systems are exposed.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems can exploit this without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network access but no authentication, making it relatively easy to exploit if network conditions allow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.17.10 and later

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/

Restart Required: Yes

Instructions:

1. Open Zoom Desktop Client.
2. Click your profile picture.
3. Select 'Check for Updates'.
4. If an update is available, click 'Update'.
5. Restart Zoom after installation completes.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to Zoom clients to trusted networks only.

Disable Unnecessary Services (Windows)

Disable Zoom services when not in use to reduce attack surface.

sc stop ZoomService
sc config ZoomService start= disabled

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Zoom clients from untrusted networks
  • Use application whitelisting to prevent unauthorized processes from executing

🔍 How to Verify

Check if Vulnerable:

Check the Zoom version in Settings > About Zoom. If the version is below 5.17.10, the system is vulnerable.

Check Version:

wmic product where "name like 'Zoom%'" get version

Verify Fix Applied:

Confirm Zoom version is 5.17.10 or higher in Settings > About Zoom.
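For checking a Windows host or a fleet from PowerShell, here is an added example (not from the advisory or from Zoom) that enumerates installed Zoom products and compares each version to the fixed release. It assumes Zoom registers under the standard Windows Uninstall registry keys (per-user installs land in HKCU) and that DisplayVersion may carry a build suffix such as "5.17.10 (34827)".

```powershell
# Added example: report Zoom installs below the fixed version (5.17.10).
# Assumption: Zoom registers in the standard Uninstall keys; a per-user install
# (Zoom's default) is only visible in HKCU of the user who installed it.
$FixedVersion = [version]'5.17.10'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-ZoomVersion {
    param([string]$DisplayVersion)
    # Assumption: DisplayVersion looks like "5.17.10 (34827)"; keep the dotted prefix
    # so [version] comparison is numeric (5.9.x is older than 5.17.x, unlike a string sort).
    $clean  = ($DisplayVersion -split '\s')[0]
    $parsed = $null
    if (-not [version]::TryParse($clean, [ref]$parsed)) {
        return 'UNKNOWN'
    }
    if ($parsed -lt $FixedVersion) { return 'VULNERABLE' }
    return 'PATCHED'
}

$results = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Zoom*' } |
    ForEach-Object {
        [pscustomobject]@{
            Product = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = Test-ZoomVersion $_.DisplayVersion
        }
    }

if (-not $results) {
    Write-Output 'No Zoom product found in the Uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
    # Non-zero exit lets an RMM or scheduled job flag the host for patching.
    if ($results.Status -contains 'VULNERABLE') { exit 1 }
}
```

Run it in each interactive user's context (or enumerate HKU:\<SID>\... in a machine-wide job), since the default per-user Zoom install is not visible from HKLM alone.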

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Zoom executables
  • Failed privilege escalation attempts in Windows Event Logs

Network Indicators:

  • Unexpected network connections to Zoom client ports from untrusted sources

SIEM Query:

(EventID=4688 AND ParentProcessName LIKE '%zoom%' AND NewProcessName LIKE '%system%') OR EventID=4672
