CVE-2024-39820

6.6 MEDIUM

📋 TL;DR

An uncontrolled search path vulnerability in the Zoom Workplace Desktop App installer for macOS allows authenticated local users to cause denial of service. This affects macOS users running Zoom Workplace Desktop App versions before 6.0.10. Attackers need local access and authentication to exploit this vulnerability.

💻 Affected Systems

Products:
  • Zoom Workplace Desktop App
Versions: All versions before 6.0.10
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS installations. Requires authenticated local user access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker with local access could disrupt Zoom Workplace functionality, potentially preventing legitimate users from accessing the application or causing system instability.

🟠 Likely Case

Local authenticated users could cause temporary service disruption to the Zoom Workplace application, requiring restart or reinstallation.

🟢 If Mitigated

With proper access controls limiting local user privileges and timely patching, impact is minimal to non-existent.

🌐 Internet-Facing: LOW - This vulnerability requires local access and authentication, making remote exploitation unlikely.
🏢 Internal Only: MEDIUM - Internal users with local access and authentication could potentially exploit this to disrupt Zoom Workplace functionality.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated local access. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.10 or later

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-24027

Restart Required: Yes

Instructions:

1. Open Zoom Workplace Desktop App.
2. Click on your profile picture.
3. Select 'Check for Updates'.
4. If an update to 6.0.10 or later is available, install it.
5. Restart the application after installation.

🔧 Temporary Workarounds

Restrict local user privileges (macOS)

Limit local user access and privileges on macOS systems to reduce the attack surface.

🧯 If You Can't Patch

  • Implement strict access controls to limit which users have local authentication on affected systems
  • Monitor for unusual activity or attempts to manipulate Zoom Workplace installation paths

🔍 How to Verify

Check if Vulnerable:

Check the Zoom Workplace version by opening the app, clicking your profile picture, and selecting 'About Zoom Workplace'. If the version is below 6.0.10, the system is vulnerable.

Check Version:

Open Terminal and run: /Applications/zoom.us.app/Contents/MacOS/zoom.us --version

Verify Fix Applied:

After updating, verify that the version is 6.0.10 or higher using the same method. Test Zoom Workplace functionality to ensure there is no disruption.
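The version checks above can be scripted for fleet-wide verification. The following POSIX shell script is an added example, not code from the advisory or from Zoom: it runs the `zoom.us --version` command given above, falls back to reading the app bundle's Info.plist (an assumption that the bundle carries a standard CFBundleShortVersionString key), and compares the result field by field against 6.0.10, so that 6.0.9 and 5.17.11 are both correctly reported as older. It skips the live check when the app bundle is not present, so it can be dropped onto any host.

```shell
#!/bin/sh
# Added example: check a macOS Zoom Workplace install against the
# CVE-2024-39820 fixed version (6.0.10). Not Zoom's code and not from the
# advisory. The `zoom.us --version` invocation is the one the advisory gives;
# the Info.plist fallback assumes the bundle sets CFBundleShortVersionString.

ZOOM_APP="/Applications/zoom.us.app"   # install path named in the advisory
FIXED_VERSION="6.0.10"                 # first patched release

# version_lt A B: exit 0 (true) when dotted version A is strictly older than B.
# Fields are compared numerically, so 6.0.9 < 6.0.10 and 5.17.11 < 6.0.10.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            xi = (i <= n) ? x[i] + 0 : 0   # missing trailing fields count as 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                             # equal is not "less than"
    }'
}

# installed_zoom_version: print the dotted version of the installed app,
# or nothing if it cannot be determined.
installed_zoom_version() {
    v=$("$ZOOM_APP/Contents/MacOS/zoom.us" --version 2>/dev/null \
        | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1)
    if [ -z "$v" ] && [ -f "$ZOOM_APP/Contents/Info.plist" ]; then
        # Fallback (assumption): read the bundle's marketing version directly.
        v=$(defaults read "$ZOOM_APP/Contents/Info.plist" CFBundleShortVersionString 2>/dev/null)
    fi
    printf '%s\n' "$v"
}

# assess_version V: print a verdict for version string V;
# exit 0 when patched, 1 when still affected.
assess_version() {
    if version_lt "$1" "$FIXED_VERSION"; then
        printf 'VULNERABLE: Zoom Workplace %s is older than %s (CVE-2024-39820); update and restart\n' "$1" "$FIXED_VERSION"
        return 1
    fi
    printf 'PATCHED: Zoom Workplace %s is %s or later\n' "$1" "$FIXED_VERSION"
    return 0
}

# Live check, only when the app bundle is actually present on this machine.
if [ -d "$ZOOM_APP" ]; then
    current=$(installed_zoom_version)
    if [ -n "$current" ]; then
        assess_version "$current"
    else
        echo "Could not determine the installed Zoom Workplace version"
    fi
else
    echo "Zoom Workplace not found at $ZOOM_APP; nothing to check"
fi
```

The numeric field-by-field comparison matters because a plain string compare would rank 6.0.9 above 6.0.10 and report a vulnerable install as patched; the exit status of `assess_version` lets the script feed a compliance job or MDM inventory directly.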

📡 Detection & Monitoring

Log Indicators:

  • Unusual installer activity, failed Zoom Workplace launches, permission errors in system logs

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for Zoom Workplace process failures or installer-related errors in macOS system logs
