CVE-2024-45424

Q: What is the severity of CVE-2024-45424?

CVE-2024-45424 has a CVSS score of 5.3 (MEDIUM). A business logic error in certain Zoom Workplace applications allows unauthenticated attackers to access sensitive information via network access. This affects organizations using vulnerable Zoom Workplace apps, potentially exposing internal data to external parties.

5.3 MEDIUM

Authentication Bypass

📋 TL;DR

A business logic error in certain Zoom Workplace applications allows unauthenticated attackers to access sensitive information via network access. This affects organizations using vulnerable Zoom Workplace apps, potentially exposing internal data to external parties.

💻 Affected Systems

Products:

Zoom Workplace Apps

Versions: Specific versions not detailed in advisory; check Zoom security bulletin ZSB-24036

Operating Systems: Multiple platforms (Windows, macOS, Linux, mobile)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires network access to affected Zoom Workplace applications.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthenticated attackers could access sensitive business information, internal communications, or proprietary data stored within Zoom Workplace applications.

🟠

Likely Case

Information disclosure of non-critical data such as user directories, meeting metadata, or configuration details.

🟢

If Mitigated

Limited exposure with proper network segmentation and access controls in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network access but no authentication, making it relatively straightforward for attackers with network visibility.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Zoom security bulletin ZSB-24036 for specific patched versions

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-24036/

Restart Required: Yes

Instructions:

1. Review Zoom security bulletin ZSB-24036. 2. Update all Zoom Workplace applications to the latest patched version. 3. Restart applications after update. 4. Verify update completion.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Zoom Workplace applications using firewalls or network policies

Access Control Lists

all

Implement strict ACLs to limit which IP addresses can communicate with Zoom Workplace applications

🧯 If You Can't Patch

Implement network segmentation to isolate Zoom Workplace applications from untrusted networks
Deploy web application firewalls (WAF) with rules to detect and block information disclosure attempts

🔍 How to Verify

Check if Vulnerable:

Check Zoom application version against patched versions listed in ZSB-24036 security bulletin

Check Version:

Zoom desktop: Help > About; Zoom mobile: Settings > About

Verify Fix Applied:

Confirm Zoom Workplace applications are updated to versions specified in Zoom's security bulletin

📡 Detection & Monitoring

Log Indicators:

Unusual access patterns to Zoom Workplace applications
Multiple failed authentication attempts followed by successful unauthenticated requests

Network Indicators:

Unusual traffic to Zoom application ports from unexpected sources
Information disclosure patterns in network traffic

SIEM Query:

source="zoom*" AND (event_type="access" OR event_type="request") AND auth_status="unauthenticated" AND result="success"

📊 Metadata

CVE ID: CVE-2024-45424

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-840

EPSS Score: 0.29% exploit probability (51.7th percentile)

Published: February 25, 2025

Last Updated: March 5, 2025

🔗 References

https://www.zoom.com/en/trust/security-bulletin/zsb-24036/ Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Meeting Software Development Kit by Zoom

Meeting Software Development Kit by Zoom

Meeting Software Development Kit by Zoom

Meeting Software Development Kit by Zoom

Meeting Software Development Kit by Zoom

Rooms by Zoom

Rooms by Zoom

Rooms by Zoom

Rooms Controller by Zoom

Rooms Controller by Zoom

Rooms Controller by Zoom

Rooms Controller by Zoom

Workplace by Zoom

Workplace by Zoom

Workplace Desktop by Zoom

Workplace Desktop by Zoom

Workplace Desktop by Zoom

Workplace Virtual Desktop Infrastructure by Zoom

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Access Control Lists

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities