CVE-2024-45419

8.1 HIGH

📋 TL;DR

An improper input validation flaw in some Zoom Apps lets an unauthenticated attacker with network access to a vulnerable app read information it should not disclose. No credentials are needed; only apps that have not been updated to the versions listed in Zoom's bulletin are affected.

💻 Affected Systems

Products:
  • Zoom Apps
Versions: Version numbers are not given in the CVE summary; check Zoom security bulletin ZSB-24041 for the affected and patched version of each app
Operating Systems: All platforms running vulnerable Zoom Apps
Default Config Vulnerable: ⚠️ Yes
Notes: Only the Zoom Apps named in the bulletin are affected; other Zoom software is not.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthenticated attackers could access sensitive user data, meeting information, or internal system details exposed through vulnerable Zoom Apps.

🟠

Likely Case

Attackers scanning for reachable, unpatched Zoom Apps could extract configuration data, user information, or other details the vulnerable app exposes.

🟢

If Mitigated

Once the apps are updated the flaw is closed. Until then, network segmentation confines exposure to the isolated hosts and to whatever data the apps on those hosts hold.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation needs network reachability but no authentication, so any vulnerable app exposed to an untrusted network is straightforward to attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Zoom security bulletin ZSB-24041 for specific patched versions

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-24041

Restart Required: Yes

Instructions:

1. Review Zoom security bulletin ZSB-24041.
2. Identify which of the Zoom Apps it lists are installed in your environment.
3. Update each affected Zoom App to the patched version the bulletin names.
4. Restart the Zoom application after the update so the new version is loaded.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to Zoom Apps to trusted networks only

Firewall Rules (all platforms)

Add firewall rules that block access to Zoom Apps from untrusted networks

🧯 If You Can't Patch

  • Isolate vulnerable Zoom Apps to internal networks only
  • Implement strict network access controls and monitor for suspicious access attempts

🔍 How to Verify

Check if Vulnerable:

Check Zoom App versions against the affected versions listed in ZSB-24041 security bulletin

Check Version:

Read the installed version from the app's settings or About dialog, or consult Zoom's documentation for the app in question

Verify Fix Applied:

Confirm that every installed Zoom App reports a version equal to or newer than the patched version the bulletin lists for it; compare version numbers numerically, not as strings
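The check above is easy to get wrong at scale, because "6.9.5" sorts after "6.10.0" as a string. The following is an added example, not Zoom's code or a tool Zoom ships: it takes a constructed inventory of hosts and installed versions, compares each against a per-app patched version numerically, and reports apps it has no patched version for as "unknown" rather than silently treating them as safe. The app names and every version number in it are placeholders; substitute the apps and versions from ZSB-24041.

```python
"""Flag Zoom App installs that are below the patched version.

Added example, not Zoom's code. The inventory and the patched-version table
are CONSTRUCTED placeholders; take the real app names and version numbers
from Zoom security bulletin ZSB-24041.
"""
import re
from typing import Dict, List, Tuple

# Placeholder fixed versions, NOT values taken from the bulletin.
PATCHED_VERSIONS: Dict[str, str] = {
    "Zoom App A": "6.10.0",
    "Zoom App B": "5.17.5",
}

# Constructed inventory, as an endpoint-management export might look.
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "ws-101", "app": "Zoom App A", "version": "6.9.5"},
    {"host": "ws-102", "app": "Zoom App A", "version": "6.10.0"},
    {"host": "ws-103", "app": "Zoom App A", "version": "v6.11.2 (40017)"},
    {"host": "ws-104", "app": "Zoom App B", "version": "5.17.3"},
    {"host": "ws-105", "app": "Zoom App C", "version": "1.0.0"},
]

_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the leading dotted-numeric part of a version as a tuple of ints.

    'v6.11.2 (40017)' -> (6, 11, 2). Build numbers in parentheses and suffixes
    such as '-beta' are ignored. Raises ValueError if no number is present.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(installed: str, patched: str) -> bool:
    """True if installed < patched, comparing numerically component by component.

    As strings "6.9.5" > "6.10.0", which would wrongly report a vulnerable
    install as patched. Shorter tuples are zero-padded so "6.10" == "6.10.0".
    """
    i, p = parse_version(installed), parse_version(patched)
    width = max(len(i), len(p))
    i += (0,) * (width - len(i))
    p += (0,) * (width - len(p))
    return i < p


def audit(inventory: List[Dict[str, str]],
          patched: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Return (host, app, installed_version, status) for every inventory entry.

    status is 'vulnerable', 'patched' or 'unknown'. Apps with no entry in the
    patched table are 'unknown' so they still get looked at by a human.
    """
    results = []
    for entry in inventory:
        fixed = patched.get(entry["app"])
        if fixed is None:
            status = "unknown"
        elif is_vulnerable(entry["version"], fixed):
            status = "vulnerable"
        else:
            status = "patched"
        results.append((entry["host"], entry["app"], entry["version"], status))
    return results


if __name__ == "__main__":
    for host, app, version, status in audit(SAMPLE_INVENTORY, PATCHED_VERSIONS):
        print(f"{host:8} {app:12} {version:18} {status}")
```

Feed it your real inventory and the bulletin's versions; anything reported as "unknown" is an app the patched table does not cover and needs a manual look.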

📡 Detection & Monitoring

Log Indicators:

  • Requests to Zoom Apps from unfamiliar sources, especially requests that return data without any preceding authentication event
  • Bursts of requests with malformed or unexpected parameters from one source, which is what probing an input-validation flaw looks like

Network Indicators:

  • Unexpected outbound data volume from hosts running Zoom Apps
  • Inbound connections to Zoom Apps from networks that have no business reaching them

SIEM Query:

source="zoom_apps" AND (event_type="data_access" OR event_type="unauthenticated_request")

The source and event_type values above are placeholders, not Zoom field names; map them to the fields your log pipeline actually emits, and pair the query with a per-source rate threshold so one stray unauthenticated request does not page anyone.
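The query above is a filter, not a detection: it will match every unauthenticated request, legitimate or not. The following added example (not Zoom's code and not a real Zoom log format; the JSON events, field names and IP addresses are constructed, with the field names mirroring the placeholder query) turns the two log indicators into rules: a high-severity alert for any unauthenticated request that actually returned data, and a medium-severity alert when one source sends several unauthenticated requests inside a short window, which is the probing pattern.

```python
"""Turn the placeholder SIEM query into two concrete detection rules.

Added example. SAMPLE_LOG is CONSTRUCTED newline-delimited JSON, not Zoom's
log format; the field names (source, event_type, src_ip, user, status) mirror
the placeholder query and must be mapped to your real schema.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List

SAMPLE_LOG = """\
{"ts":"2024-10-01T12:00:01Z","source":"zoom_apps","event_type":"data_access","src_ip":"10.0.0.5","user":"alice","status":200}
{"ts":"2024-10-01T12:00:02Z","source":"zoom_apps","event_type":"data_access","src_ip":"203.0.113.9","user":null,"status":200}
{"ts":"2024-10-01T12:00:03Z","source":"zoom_apps","event_type":"unauthenticated_request","src_ip":"203.0.113.9","user":null,"status":400}
{"ts":"2024-10-01T12:00:04Z","source":"zoom_apps","event_type":"unauthenticated_request","src_ip":"203.0.113.9","user":null,"status":400}
{"ts":"2024-10-01T12:00:05Z","source":"zoom_apps","event_type":"data_access","src_ip":"203.0.113.9","user":null,"status":200}
{"ts":"2024-10-01T12:05:00Z","source":"zoom_apps","event_type":"unauthenticated_request","src_ip":"198.51.100.7","user":null,"status":401}
{"ts":"2024-10-01T12:00:06Z","source":"other","event_type":"data_access","src_ip":"203.0.113.9","user":null,"status":200}
"""


def parse_events(text: str) -> List[dict]:
    """Parse NDJSON, keep only the Zoom Apps source, and sort by timestamp
    so the sliding window in detect() sees events in time order."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("source") != "zoom_apps":
            continue  # same filter as source="zoom_apps" in the query
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def detect(events: List[dict], threshold: int = 3,
           window: timedelta = timedelta(seconds=60)) -> List[dict]:
    """Apply two rules and return alerts in the order they fire.

    unauth_data_access: a request with no user that returned data (status 200).
    unauth_probing:     `threshold` or more unauthenticated requests from one
                        source within `window`; reported once per source.
    """
    alerts = []
    recent: Dict[str, deque] = defaultdict(deque)
    probing_reported = set()
    for ev in events:
        src = ev["src_ip"]
        unauthenticated = not ev.get("user")
        if unauthenticated and ev["event_type"] == "data_access" and ev.get("status") == 200:
            alerts.append({"rule": "unauth_data_access", "src_ip": src, "ts": ev["ts"]})
        if unauthenticated:
            q = recent[src]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()  # drop timestamps that fell out of the window
            if len(q) >= threshold and src not in probing_reported:
                probing_reported.add(src)
                alerts.append({"rule": "unauth_probing", "src_ip": src, "ts": ev["ts"]})
    return alerts


def summarize(alerts: List[dict]) -> Dict[str, int]:
    """Count alerts per rule, handy for a quick triage view."""
    counts: Dict[str, int] = defaultdict(int)
    for a in alerts:
        counts[a["rule"]] += 1
    return dict(counts)


if __name__ == "__main__":
    found = detect(parse_events(SAMPLE_LOG))
    for a in found:
        print(a["ts"].isoformat(), a["rule"], a["src_ip"])
    print(summarize(found))
```

On the constructed sample the scanner at 203.0.113.9 produces two high-severity hits and one probing alert, while the single 401 from 198.51.100.7 and the authenticated request from alice produce nothing. Tune threshold and window to the request rate your deployment normally sees.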

🔗 References

  • Zoom security bulletin ZSB-24041: https://www.zoom.com/en/trust/security-bulletin/zsb-24041
