May 29, 2024
Severity
Medium
Analysis Summary
CVE-2024-27243 CVSS:6.5
Zoom Workplace Apps and SDK are vulnerable to a denial of service, caused by a buffer overflow. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-27244 CVSS:6.7
Zoom Workplace VDI App for Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by insufficient verification of data authenticity in the installer. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-27243
- CVE-2024-27244
Affected Vendors
- Zoom
Affected Products
- Zoom Meeting SDK for Windows
- Zoom Meeting SDK for iOS
- Zoom Meeting SDK for Android
- Zoom Meeting SDK for macOS
- Zoom Meeting SDK for Linux
- Zoom Workplace Desktop App for Windows
- Zoom Workplace Desktop App for macOS
- Zoom Workplace Desktop App for Linux
- Zoom Workplace VDI App for Windows
- Zoom Workplace App for iOS
- Zoom Workplace App for Android
Remediation
Refer to the Zoom Security Document for patch, upgrade, or suggested workaround information.