CVE-2024-24693

7.2 HIGH

📋 TL;DR

An improper access control vulnerability in the Zoom Rooms Client for Windows installer allows an authenticated local user to cause a denial of service. It affects organizations running Zoom Rooms on Windows where users have local access to the installation directory. The vulnerability is present in versions before 5.17.5.

💻 Affected Systems

Products:
  • Zoom Rooms Client for Windows
Versions: All versions before 5.17.5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Zoom Rooms Client installations on Windows. Requires local authenticated access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated local user could disrupt Zoom Rooms functionality, potentially affecting meeting room availability and business operations.

🟠 Likely Case

Local users with standard privileges could interfere with the Zoom Rooms installation or its operation, causing temporary service disruption.

🟢 If Mitigated

With proper access controls and patching, the risk is minimal, since only authenticated local users can exploit this vulnerability.

🌐 Internet-Facing: LOW - This vulnerability requires local access and cannot be exploited remotely over the internet.
🏢 Internal Only: MEDIUM - Internal users with local access to Zoom Rooms systems could potentially disrupt service, but exploitation requires authenticated access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated local access. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.17.5

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-24009/

Restart Required: Yes

Instructions:

1. Download Zoom Rooms Client version 5.17.5 or later from the official Zoom website.
2. Run the installer to update the existing installation.
3. Restart the system to complete the update.

🔧 Temporary Workarounds

Restrict local access (Windows)

Limit local user access to Zoom Rooms installation directories and system resources.

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can access Zoom Rooms installation directories
  • Monitor for unusual activity related to Zoom Rooms processes and installation directories

🔍 How to Verify

Check if Vulnerable:

Check Zoom Rooms Client version in the application settings or About dialog

Check Version:

Check version in Zoom Rooms Client settings or via Windows Programs and Features

Verify Fix Applied:

Confirm Zoom Rooms Client version is 5.17.5 or later in the application settings
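The version check above and the "restrict local access" workaround can be audited together from PowerShell. This is an added example, not from the Zoom advisory; it assumes the client registers under Programs and Features with a DisplayName containing "Zoom Rooms" and populates InstallLocation (both assumptions), and takes 5.17.5 as the fixed version from the advisory.

```powershell
# Added example (not from the Zoom advisory): audit a Windows host for CVE-2024-24693 exposure.
# Assumptions: the product's DisplayName contains "Zoom Rooms" and InstallLocation is set.
$FixedVersion = [version]'5.17.5'   # fixed version per the vendor advisory
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Locate installed entries whose DisplayName mentions Zoom Rooms (name match is an assumption).
$entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Zoom Rooms*' }

if (-not $entries) {
    Write-Output 'Zoom Rooms Client not found in Programs and Features.'
    return
}

foreach ($e in $entries) {
    # Compare the installed version against the fixed version.
    $installed = $null
    if (-not [version]::TryParse($e.DisplayVersion, [ref]$installed)) {
        Write-Warning ("Cannot parse version '{0}' for {1}" -f $e.DisplayVersion, $e.DisplayName)
        continue
    }
    $state = if ($installed -ge $FixedVersion) { 'PATCHED' } else { 'VULNERABLE (update to 5.17.5 or later)' }
    Write-Output ("{0} {1}: {2}" -f $e.DisplayName, $installed, $state)

    # Workaround check: flag non-administrative principals that hold write-class rights
    # on the installation directory, which is what the "restrict local access" workaround removes.
    $dir = $e.InstallLocation
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        $writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'
        $acl = Get-Acl -LiteralPath $dir
        $acl.Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $writeMask) -ne 0 -and
                $_.IdentityReference -notmatch 'Administrators|SYSTEM|TrustedInstaller'
            } |
            ForEach-Object {
                Write-Warning ("{0} grants {1} to {2}" -f $dir, $_.FileSystemRights, $_.IdentityReference)
            }
    }
}
```

Run it from an elevated session so Get-Acl can read the directory's security descriptor; a warning line means a standard user still has write-class rights on the install directory.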

📡 Detection & Monitoring

Log Indicators:

  • Unusual access attempts to Zoom Rooms installation directories
  • Failed installation or update attempts

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for file access events in Zoom Rooms installation directories by non-administrative users
