Zoom Privilege Escalation Vulnerability Via Improper Authorization


Zoom issued an urgent security advisory about a flaw in the Zoom client that could allow a user to gain higher level privileges and access that they are not authorized for.

Zoom Clients And User Roles

The Zoom client is the software users run to join and participate in a meeting.

Improper authorization in a Zoom client is a security flaw that allows users to gain access to functionality or data that they are not authorized for, based on the user privilege levels assigned to them.

There are three levels of access in Zoom, called user roles. A user's role defines whether that user has the necessary privileges to perform particular actions or access various data resources.

The three levels are:

  • Owner: Highest privilege level, with access to everything.
  • Admin: Can add, remove, or edit users, and manage account features.
  • Member: The lowest user role. Can only manage their own profile settings.
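The following added example, which is not Zoom's code and does not describe the specific flaw in the advisory, shows the general "improper authorization" failure class using the three roles above. The role names, action names, session store and request shapes are all constructed for illustration. The flawed check trusts a role field supplied by the client; the corrected check resolves the role from the server-side session and fails closed on anything it cannot verify.

```python
"""Role-hierarchy authorization check modelled on Zoom's three user roles
(Owner > Admin > Member).  Constructed illustration only: the actions,
session tokens and user ids are invented and do not reflect Zoom's
implementation or the actual vulnerability."""

from dataclasses import dataclass

# Numeric rank makes the hierarchy comparison explicit and testable.
ROLE_RANK = {"member": 1, "admin": 2, "owner": 3}

# Minimum role required for each action (constructed, not Zoom's model).
REQUIRED_ROLE = {
    "edit_own_profile": "member",
    "manage_users": "admin",
    "manage_account_features": "admin",
    "transfer_ownership": "owner",
}


@dataclass
class Session:
    user_id: str
    role: str  # role as recorded server-side when the session was created


# Server-side session store: the only trustworthy source of a user's role.
SESSION_STORE = {
    "sess-member": Session("u-1001", "member"),
    "sess-admin": Session("u-2001", "admin"),
}


def is_authorized_flawed(request: dict) -> bool:
    """Improper authorization: the role is read from the request body,
    which the client controls, so any member can simply claim 'owner'."""
    claimed_role = request.get("role", "member")
    action = request["action"]
    return ROLE_RANK[claimed_role] >= ROLE_RANK[REQUIRED_ROLE[action]]


def is_authorized(request: dict) -> bool:
    """Correct check: resolve the role from the server-side session bound
    to the session token, ignore any role field the client sends, and
    fail closed on unknown sessions or unknown actions."""
    session = SESSION_STORE.get(request.get("session_token"))
    if session is None:
        return False
    required = REQUIRED_ROLE.get(request.get("action"))
    if required is None:
        return False
    return ROLE_RANK[session.role] >= ROLE_RANK[required]


# Constructed request: a member's session whose body claims the owner role.
MEMBER_CLAIMING_OWNER = {
    "session_token": "sess-member",
    "role": "owner",
    "action": "manage_users",
}

if __name__ == "__main__":
    print("flawed check grants manage_users:", is_authorized_flawed(MEMBER_CLAIMING_OWNER))
    print("correct check grants manage_users:", is_authorized(MEMBER_CLAIMING_OWNER))
```

The design point is that the authorization decision must depend only on state the server controls (the session-to-role binding), never on a claim the client can edit; the same principle applies to role claims carried in cookies, headers or unsigned tokens.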

Zoom Clients – Improper Authorization

The Zoom security alert warned that users can escalate their user role privileges.

According to the security advisory:

“Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.”

This vulnerability is mitigated to a certain extent in that an attacker must already be an authorized user with network access before moving on to the next step of escalating user privileges. That may be why the security issue has been assigned a severity rating of medium, with a CVSS score of 5.5/10.

List Of Affected Zoom Clients

  • Zoom Desktop Client for Windows before version 5.16.0
  • Zoom Desktop Client for macOS before version 5.16.0
  • Zoom Mobile App for iOS before version 5.16.0
  • Zoom Mobile App for Android before version 5.16.0
  • Zoom Desktop Client for Linux before version 5.16.0
  • Zoom Rooms Client for Windows before version 5.16.0
  • Zoom Rooms Client for macOS before version 5.16.0
  • Zoom Rooms Client for Android before version 5.16.0
  • Zoom Rooms Client for iPad before version 5.16.0
  • Zoom VDI Client before version 5.16.0 (excluding 5.14.13 and 5.15.11)
  • Zoom Meeting SDK for Windows before version 5.16.0
  • Zoom Meeting SDK for iOS before version 5.16.0
  • Zoom Meeting SDK for Android before version 5.16.0
  • Zoom Meeting SDK for macOS before version 5.16.0
  • Zoom Meeting SDK for Linux before version 5.16.0

Update Zoom Client Immediately

Users are advised to update their Zoom clients.

Zoom recommends:

“Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.”

Read the Zoom security bulletin:

Zoom Clients – Improper Authorization

Featured Image by Shutterstock/Ink Drop
