CVE-2020-11469

high

Description

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.

References

https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective

https://objective-see.com/blog/blog_0x56.html

https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/

Details

Source: Mitre, NVD

Published: 2020-04-01

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High