CVE-2024-45422

6.5 MEDIUM

📋 TL;DR

An improper input validation vulnerability in Zoom Apps before version 6.2.0 allows unauthenticated attackers to cause denial of service via network access. This affects Zoom Apps users running vulnerable versions, potentially disrupting application functionality.

💻 Affected Systems

Products:
  • Zoom Apps
Versions: All versions before 6.2.0
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of Zoom Apps before 6.2.0 are vulnerable. The vulnerability requires network access to the application.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of Zoom Apps functionality, rendering the application unusable until restarted or patched.

🟠 Likely Case

Temporary service degradation or application crashes affecting user productivity and meeting functionality.

🟢 If Mitigated

Minimal impact with proper network segmentation and updated software.

🌐 Internet-Facing: HIGH - Unauthenticated network access means internet-facing instances are directly vulnerable to DoS attacks.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require attacker access to internal network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network access but no authentication, making exploitation straightforward for attackers with network connectivity to vulnerable systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.2.0 and later

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-24044

Restart Required: Yes

Instructions:

1. Open Zoom Apps.
2. Click your profile picture.
3. Select 'Check for Updates'.
4. Install version 6.2.0 or later.
5. Restart the application.

🔧 Temporary Workarounds

Network Segmentation (applies to: all platforms)

Restrict network access to Zoom Apps to trusted networks only.

Application Firewall Rules (applies to: all platforms)

Implement firewall rules to limit incoming connections to Zoom Apps.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach Zoom Apps instances
  • Monitor for unusual traffic patterns or repeated connection attempts to Zoom Apps

🔍 How to Verify

Check if Vulnerable:

Check Zoom Apps version in Settings > About. If version is below 6.2.0, the system is vulnerable.

Check Version:

On Windows: zoom.exe --version. On macOS/Linux: open Zoom Apps and check About section.

Verify Fix Applied:

Confirm Zoom Apps version is 6.2.0 or higher in Settings > About.
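The version checks above come down to one comparison: is the reported version below 6.2.0? Doing that as a string comparison is a classic mistake ("6.10.0" sorts before "6.2.0" lexically). The following is an added example, not part of this advisory or of Zoom's own tooling; it parses version strings of the shapes Zoom clients commonly display (the sample inventory and host names are constructed) and triages a list of hosts numerically against the fixed version.

```python
"""Added example: numeric version triage for CVE-2024-45422.

Not part of the advisory. The sample inventory below is constructed;
the host names and version strings are illustrative only.
"""
import re

# First version that contains the fix, per the advisory.
FIXED_VERSION = (6, 2, 0)

# Constructed sample inventory: (host, version string as shown in Settings > About).
SAMPLE_INVENTORY = [
    ("ws-01", "6.1.11 (43257)"),   # below 6.2.0 -> vulnerable
    ("ws-02", "6.2.0 (48512)"),    # exactly the fixed version
    ("ws-03", "6.10.0"),           # lexically "smaller" than 6.2.0, numerically newer
    ("ws-04", "5.17.5"),           # old major line -> vulnerable
]


def parse_version(text):
    """Return the leading dotted numeric part of a version string as a 3-tuple.

    Accepts forms such as "6.1.11 (43257)", "6.2.0.12345" or "6.2"; the build
    number in parentheses and any fourth component are ignored for this check.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad short versions so "6.2" compares as 6.2.0, then keep major.minor.patch.
    return (parts + (0, 0, 0))[:3]


def is_vulnerable(version_text):
    """True when the reported version is strictly below the fixed version."""
    return parse_version(version_text) < FIXED_VERSION


def triage(inventory):
    """Return the (host, version) pairs that still need the 6.2.0 update."""
    return [(host, ver) for host, ver in inventory if is_vulnerable(ver)]


if __name__ == "__main__":
    for host, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {ver} is below 6.2.0, update required")
```

Feed `triage` the (host, version) pairs from whatever inventory or endpoint-management export you already have; anything it returns is on a version the advisory lists as affected.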

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed connection attempts
  • Application crash logs
  • Unusual network traffic patterns

Network Indicators:

  • High volume of malformed packets to Zoom Apps ports
  • Unusual traffic spikes to Zoom Apps

SIEM Query:

source="zoom_apps" AND (event_type="crash" OR connection_count > threshold)

Here threshold is a site-specific value: set it from the normal per-client connection rate observed in your own environment rather than a fixed number.
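The SIEM query above leaves two things open: what "connection_count > threshold" means over time, and which field identifies the client. The following is an added example, not part of this advisory or of any SIEM product; it implements the same logic over constructed event records, counting connections per client in a sliding window so that a burst of repeated connection attempts is flagged alongside crash events. The field names (source, timestamp, event_type, client), the window size and the threshold are assumptions.

```python
"""Added example: the detection logic of the advisory's SIEM query, applied
to constructed Zoom Apps event records.

Not part of the advisory. Field names, window size, threshold and all sample
events are assumptions chosen for illustration.
"""
from collections import defaultdict

CONNECTION_THRESHOLD = 5   # assumed: connections per client per window that count as abnormal
WINDOW_SECONDS = 60        # assumed: sliding window length

# Constructed sample events: one noisy client, one normal client, one crash,
# and one crash from an unrelated source that must be ignored.
SAMPLE_EVENTS = (
    [{"source": "zoom_apps", "timestamp": 100 + i, "event_type": "connection", "client": "10.0.0.5"}
     for i in range(8)]
    + [{"source": "zoom_apps", "timestamp": t, "event_type": "connection", "client": "10.0.0.9"}
       for t in (100, 130)]
    + [{"source": "zoom_apps", "timestamp": 110, "event_type": "crash", "client": None}]
    + [{"source": "other_app", "timestamp": 111, "event_type": "crash", "client": None}]
)


def crash_events(events):
    """Events matching source="zoom_apps" AND event_type="crash"."""
    return [e for e in events if e["source"] == "zoom_apps" and e["event_type"] == "crash"]


def noisy_clients(events, threshold=CONNECTION_THRESHOLD, window=WINDOW_SECONDS):
    """Map client -> peak number of connections seen within any single window.

    Only clients whose peak exceeds the threshold are returned; this is the
    concrete meaning given here to "connection_count > threshold".
    """
    per_client = defaultdict(list)
    for e in events:
        if e["source"] == "zoom_apps" and e["event_type"] == "connection":
            per_client[e["client"]].append(e["timestamp"])

    flagged = {}
    for client, times in per_client.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it covers at most `window` seconds.
            while t - times[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[client] = peak
    return flagged


def alerts(events):
    """Combine both conditions into a list of alert tuples for review."""
    out = [("crash", e["timestamp"]) for e in crash_events(events)]
    out += [("connection_flood", client, count) for client, count in noisy_clients(events).items()]
    return out


if __name__ == "__main__":
    for alert in alerts(SAMPLE_EVENTS):
        print(alert)
```

Crash events are worth alerting on individually because the advisory's impact is an application crash; the connection-flood rule is the early signal, and its threshold should be tuned against the baseline rate of legitimate Zoom Apps connections before it is used for paging.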
