CVE-2024-45426

4.9 MEDIUM

📋 TL;DR

This vulnerability in Zoom Workplace Apps allows privileged users to access information they shouldn't have permission to view through incorrect ownership assignment. It affects organizations using Zoom Workplace Apps where privileged users could exploit this flaw. The risk involves unauthorized information disclosure via network access.

💻 Affected Systems

Products:
  • Zoom Workplace Apps
Versions: Specific versions not detailed in advisory; check Zoom security bulletin ZSB-24038
Operating Systems: All platforms running Zoom Workplace Apps
Default Config Vulnerable: ⚠️ Yes
Notes: Requires privileged user account; affects Zoom Workplace Apps specifically (not all Zoom products)

⚠️ Risk & Real-World Impact

🔴 Worst Case

Privileged user accesses sensitive internal data, business communications, or confidential information belonging to other users or departments.

🟠 Likely Case

Privileged user accesses a limited scope of information they shouldn't have permission to view, potentially violating data privacy policies.

🟢 If Mitigated

Minimal impact with proper access controls, monitoring, and least privilege principles in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires privileged user credentials; the vulnerability lies in the ownership assignment logic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Zoom security bulletin ZSB-24038 for specific patched versions

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-24038/

Restart Required: Yes

Instructions:

1. Review Zoom security bulletin ZSB-24038
2. Update all Zoom Workplace Apps to latest version
3. Restart applications after update
4. Verify update completion

🔧 Temporary Workarounds

Restrict Privileged Access (platforms: all)

Apply the principle of least privilege to limit which users have administrative/privileged access to Zoom Workplace Apps.

Network Segmentation (platforms: all)

Segment Zoom Workplace Apps network traffic to limit exposure.

🧯 If You Can't Patch

  • Implement strict access controls and monitor privileged user activity
  • Segment Zoom Workplace Apps from sensitive network resources

🔍 How to Verify

Check if Vulnerable:

Check Zoom Workplace App version against affected versions in ZSB-24038 advisory

Check Version:

Check the version within the Zoom Workplace App settings, or consult Zoom documentation on how to determine the installed version.

Verify Fix Applied:

Verify Zoom Workplace App version is updated beyond affected versions listed in ZSB-24038

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns by privileged users
  • Access to resources outside normal scope for user role

Network Indicators:

  • Unusual data transfers from Zoom Workplace Apps
  • Access to restricted network segments

SIEM Query:

privileged_user AND (zoom OR workplace_app) AND (access_denied OR permission_error)
