Rewterz Threat Advisory – Multiple Zoom Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-34422 

Zoom Keybase Client for Windows could allow a remote attacker to traverse directories on the system, caused by improper validation of a file uploaded to a team folder. An attacker could use a specially-crafted file name containing “dot dot” sequences (/../) to execute arbitrary code on the system.

CVE-2021-34421 

Zoom Keybase Client for iOS and Android could allow a remote attacker to obtain sensitive information, caused by not properly remove exploded messages initiated by a user. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2021-34420 

Zoom Client for Meetings for Windows could allow a remote attacker to bypass security restrictions, caused by improper validating the signature of files with .msi, .ps1, and .bat extensions. By persuading to open specially-crafted content, an attacker could exploit this vulnerability to install malicious software on a victim’s computer.

CVE-2021-34419 

Zoom Client for Meetings for Ubuntu Linux is vulnerable to HTML injection. A remote attacker could inject malicious HTML code when sending a remote control request, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site.

CVE-2021-34418 

Zoom On-Premise products are vulnerable to a denial of service, caused by improper validating a NULL byte during authentication in the login service of the web console. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the login service to crash.

CVE-2021-34417 

Zoom On-Premise products could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper input validation by the network proxy password in the network proxy page on the web portal. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary commands with rot privileges.

Impact

• Remote Code Execution
• Information Disclosure
• Security Bypass
• Denial of Service

Affected Vendors

Zoom

Affected Products

• Zoom Keybase Client for Windows 5.6.0
• Zoom Keybase Client for Android 5.7.0
• Zoom Keybase Client for iOS 5.7.0
• Zoom Zoom Client for Meetings for Windows 5.5
• Zoom Zoom Client for Meetings for Ubuntu Linux 5.0
• Zoom On-Premise Meeting Connector Controller 4.6.239
• Zoom On-Premise Meeting Connector MMR 4.6.239
• Zoom On-Premise Recording Connector 3.8.42
• Zoom On-Premise Virtual Room Connector 4.4.6344
• Zoom On-Premise Virtual Room Connector Load Balancer 2.5.5492
• Zoom On-Premise Meeting Connector Controller 4.6.365 Zoom On-Premise Meeting Connector MMR 4.6.365
• Zoom On-Premise Recording Connector 3.8.45
• Zoom On-Premise Virtual Room Connector 4.4.6868
• Zoom On-Premise Virtual Room Connector Load Balancer 2.5.5496

Remediation

Refer to Zoom Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2021-34422

https://explore.zoom.us/en/trust/security/security-bulletin/

CVE-2021-34421

https://explore.zoom.us/en/trust/security/security-bulletin/

CVE-2021-34420

https://explore.zoom.us/en/trust/security/security-bulletin/

CVE-2021-34419

https://explore.zoom.us/en/trust/security/security-bulletin/

CVE-2021-34418

https://explore.zoom.us/en/trust/security/security-bulletin/

CVE-2021-34417

https://explore.zoom.us/en/trust/security/security-bulletin/