CVE-2024-42437

6.5 MEDIUM

📋 TL;DR

A buffer overflow in Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers lets an authenticated user trigger a denial of service over the network. Organizations running the affected Zoom products for meetings, collaboration, and conference rooms are exposed. Exploitation requires an authenticated user but only network reachability, not local access, so a single such user can crash Zoom clients and room systems.

💻 Affected Systems

Products:
  • Zoom Workplace Apps
  • Zoom SDKs
  • Zoom Rooms Clients
  • Zoom Rooms Controllers
Versions: Specific versions not detailed in reference; check Zoom security bulletin ZSB-24031 for exact versions
Operating Systems: Multiple platforms supported by Zoom products
Default Config Vulnerable: ⚠️ Yes
Notes: Affects authenticated users only; requires network access to vulnerable Zoom components.

📦 What is this software?

Zoom Workplace is the current name of Zoom's desktop and mobile client (meetings, chat, phone and whiteboard in one app). The Zoom SDKs (Meeting SDK and Video SDK) let third-party applications embed Zoom meeting and video functionality. Zoom Rooms is the software-based conference-room system that runs on a room PC or appliance, and Zoom Rooms Controllers are the tablet and touch-panel apps used to operate a Room. All of them are clients of Zoom's cloud service, which is why the affected population is endpoints and meeting rooms rather than servers.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of Zoom applications and conference room systems, potentially affecting business operations and meetings.

🟠

Likely Case

Temporary denial of service affecting specific Zoom applications or conference rooms, requiring restart of affected services.

🟢

If Mitigated

Limited impact with proper network segmentation and authentication controls, potentially affecting only isolated systems.

🌐 Internet-Facing: MEDIUM - The affected components are client apps and room systems rather than exposed servers, but because the attack travels over the network, an authenticated user anywhere who can reach a vulnerable component can trigger it.
🏢 Internal Only: MEDIUM - An authenticated insider can disrupt Zoom clients and conference rooms inside the organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and network connectivity to vulnerable Zoom components; buffer overflow exploitation typically requires specific conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Zoom security bulletin ZSB-24031 for specific patched versions

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-24031

Restart Required: Yes

Instructions:

1. Review Zoom security bulletin ZSB-24031
2. Identify affected Zoom products in your environment
3. Update to patched versions specified in the bulletin
4. Restart Zoom applications/services after update

🔧 Temporary Workarounds

Network Segmentation (applies to: all platforms)

Restrict network access to Zoom services to trusted users only

Authentication Controls (applies to: all platforms)

Implement strong authentication and monitor for suspicious authenticated sessions

🧯 If You Can't Patch

  • Implement strict network access controls to limit which users can reach Zoom services
  • Monitor Zoom application logs for unusual activity or crash patterns

🔍 How to Verify

Check if Vulnerable:

Check Zoom application versions against those listed in security bulletin ZSB-24031

Check Version:

Zoom desktop clients show their version under the profile menu > About as a string such as "6.1.1 (40768)"; Zoom Rooms shows its version in the controller's settings. On a managed fleet, read the version from your software inventory or endpoint management export rather than by hand.

Verify Fix Applied:

Confirm Zoom applications are updated to versions specified in the security bulletin
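Comparing inventory versions against the bulletin's fixed builds by hand goes wrong easily, because a plain string comparison sorts 6.1.9 after 6.1.10. The script below is an added example, not tooling from Zoom or from this advisory: it parses Zoom-style version strings, in both the "6.1.1 (40768)" About-dialog form and the "6.1.1.40768" Windows file-version form, and flags hosts below a per-product minimum. The inventory rows are constructed, and the FIXED_VERSIONS values are hypothetical placeholders; replace them with the real patched versions from ZSB-24031, which this page does not list.

```python
import csv
import io
import re

# Zoom desktop clients report versions like "6.1.1 (40768)"; Windows file
# metadata renders the same build as "6.1.1.40768". Both forms are parsed here.
VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:\s*\((\d+)\))?")


def parse_version(text: str) -> tuple:
    """Return (major, minor, patch, build) for a Zoom version string."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised Zoom version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    if m.group(2):                      # "(40768)" form
        build = int(m.group(2))
    elif len(nums) > 3:                 # "6.1.1.40768" form
        build = nums[3]
    else:                               # no build given: treat as lowest
        build = 0
    nums = (nums + [0, 0, 0])[:3]       # pad "6.1" to 6.1.0
    return tuple(nums) + (build,)


def is_vulnerable(installed: str, fixed: str) -> bool:
    """True when the installed build is older than the first fixed build.

    A fixed version given without a build number compares as build 0, so any
    install of that same x.y.z passes; a fixed version given with a build
    number conservatively flags installs that omit theirs."""
    return parse_version(installed) < parse_version(fixed)


# Hypothetical minimum versions for this demo only; the real values are in
# Zoom security bulletin ZSB-24031 and are not reproduced on this page.
FIXED_VERSIONS = {
    "Zoom Workplace": "6.1.10",
    "Zoom Rooms": "6.1.0",
}

# Constructed inventory export (host, product, version); not real data.
INVENTORY_CSV = """host,product,version
PC-07,Zoom Workplace,6.1.10 (39000)
PC-22,Zoom Workplace,6.1.9 (38000)
ROOM-01,Zoom Rooms,5.17.5 (3200)
ROOM-02,Zoom Rooms,6.1.0.40000
LAB-03,Zoom SDK sample app,1.0.0
"""


def find_vulnerable(inventory_csv: str, fixed_versions: dict) -> list:
    """Return [(host, product, version)] for installs below the fixed build.

    Products with no entry in fixed_versions are skipped rather than guessed."""
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = fixed_versions.get(row["product"])
        if fixed is None:
            continue
        if is_vulnerable(row["version"], fixed):
            hits.append((row["host"], row["product"], row["version"]))
    return hits


if __name__ == "__main__":
    for host, product, version in find_vulnerable(INVENTORY_CSV, FIXED_VERSIONS):
        print(f"{host}: {product} {version} is below the fixed build")
```

Run it against your own inventory export once FIXED_VERSIONS holds the bulletin's values; on the constructed rows it reports PC-22 (6.1.9 is older than 6.1.10 despite sorting after it as a string) and ROOM-01, and accepts ROOM-02 because its four-part version carries the same build as 6.1.0.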

📡 Detection & Monitoring

Log Indicators:

  • Crashes of Zoom processes (Windows Application Error, Event ID 1000, with a Zoom binary as the faulting application; macOS crash reports for zoom.us; Linux core dumps)
  • Unexpected restarts of Zoom Rooms systems or of the Zoom client
  • Access-violation or segmentation-fault records for Zoom processes; a buffer overflow rarely logs itself by name, so repeated crash records are the practical indicator

Network Indicators:

  • Unusual traffic patterns to Zoom components, especially traffic that immediately precedes a crash
  • Repeated connection attempts from the same authenticated user against hosts or rooms that then crash

SIEM Query:

Search Windows Application logs for Event ID 1000 where the faulting application is a Zoom binary (and macOS crash reports for zoom.us), then alert when the same host records several such crashes within a short window; a single crash is noise, a burst is worth an analyst's time.
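Worked detection logic for the crash-burst indicator above, as an added example rather than a query shipped with any SIEM: it filters Windows Application log Event ID 1000 (Application Error) records down to Zoom binaries and reports hosts that crash repeatedly within a short window, which separates a possible attack from a one-off crash. The event records are constructed samples in a simplified (timestamp, host, event id, message) form; the "Faulting application name:" text mirrors the real Event 1000 message, while the default threshold and window are assumptions to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Event ID 1000 (Application Error) messages begin with
# "Faulting application name: <exe>, version: <v>, ...". Match any Zoom-named
# binary; narrow this to the executables actually deployed in your fleet.
FAULTING_RE = re.compile(r"Faulting application name:\s*(zoom[^,\s]*)", re.IGNORECASE)

# Constructed sample records (ISO timestamp, host, event id, message); not real
# telemetry. ROOM-01 crashes three times in about a minute, PC-07 twice hours
# apart, PC-22 crashes in an unrelated process, and the 1001 record is WER noise.
SAMPLE_EVENTS = [
    ("2024-08-13T09:00:05", "ROOM-01", 1000,
     "Faulting application name: Zoom.exe, version: 6.1.1.40768, faulting module name: ntdll.dll"),
    ("2024-08-13T09:00:40", "ROOM-01", 1000,
     "Faulting application name: Zoom.exe, version: 6.1.1.40768, faulting module name: ntdll.dll"),
    ("2024-08-13T09:01:10", "ROOM-01", 1000,
     "Faulting application name: Zoom.exe, version: 6.1.1.40768, faulting module name: ntdll.dll"),
    ("2024-08-13T09:00:50", "PC-22", 1000,
     "Faulting application name: notepad.exe, version: 10.0.19041.1, faulting module name: ntdll.dll"),
    ("2024-08-13T08:00:00", "PC-07", 1000,
     "Faulting application name: Zoom.exe, version: 6.1.1.40768, faulting module name: ntdll.dll"),
    ("2024-08-13T10:30:00", "PC-07", 1000,
     "Faulting application name: Zoom.exe, version: 6.1.1.40768, faulting module name: ntdll.dll"),
    ("2024-08-13T09:02:00", "ROOM-01", 1001,
     "Fault bucket, type 0 Event Name: APPCRASH Response: Not available"),
]


def zoom_crashes(events):
    """Yield (time, host, binary) for Event 1000 records faulting in a Zoom binary."""
    for ts, host, event_id, msg in events:
        if event_id != 1000:
            continue
        m = FAULTING_RE.search(msg)
        if m:
            yield datetime.fromisoformat(ts), host, m.group(1)


def crash_bursts(events, threshold=3, window_minutes=10):
    """Return {host: most crashes seen inside any window} for hosts at or above threshold.

    Sorting per host and sliding a window over the timestamps finds a burst
    regardless of record order, and crashes hours apart do not accumulate."""
    window = timedelta(minutes=window_minutes)
    per_host = defaultdict(list)
    for when, host, _binary in zoom_crashes(events):
        per_host[host].append(when)
    bursts = {}
    for host, times in per_host.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[host] = best
    return bursts


if __name__ == "__main__":
    for host, n in crash_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: {n} Zoom crashes within 10 minutes, investigate")
```

On the constructed records only ROOM-01 trips the default rule; PC-07's two crashes are 2.5 hours apart and only count together if the window is widened to cover them, which is the trade-off to make deliberately when tuning the rule.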

🔗 References

  • Zoom security bulletin ZSB-24031: https://www.zoom.com/en/trust/security-bulletin/zsb-24031