

Scammers Pose as CISA Employees to Commit Financial Theft
June 14, 2024
SideWinder APT Group aka Rattlesnake – Active IOCs
June 14, 2024
Severity
Medium
Analysis Summary
CVE-2024-27239 CVSS:4.3
Zoom Workplace Apps and SDKs are vulnerable to a denial of service caused by a divide-by-zero flaw. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-27246 CVSS:4.3
Zoom Workplace Apps and SDKs are vulnerable to a denial of service caused by a use-after-free flaw. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-27245 CVSS:4.3
Zoom Workplace Apps and SDKs are vulnerable to a denial of service caused by a buffer overflow flaw. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-27239
- CVE-2024-27246
- CVE-2024-27245
Affected Vendors
Affected Products
- Zoom Meeting SDK for Windows
- Zoom Meeting SDK for iOS
- Zoom Meeting SDK for Android
- Zoom Meeting SDK for macOS
- Zoom Meeting SDK for Linux
- Zoom Workplace Desktop App for Windows
- Zoom Workplace Desktop App for macOS
- Zoom Workplace Desktop App for Linux
- Zoom Workplace VDI App for Windows
- Zoom Workplace App for iOS
- Zoom Workplace App for Android
- Zoom Rooms App for Windows
- Zoom Rooms App for macOS
- Zoom Rooms App for iPad
Remediation
Refer to the Zoom Security Document for patch, upgrade, or suggested workaround information.