Zoom Client for Meetings < 4.6.19253.0401 Multiple Vulnerabilities

Severity: Critical (Nessus Plugin ID 135188)

Synopsis

The remote host has an application installed that is affected by multiple vulnerabilities.

Description

The version of Zoom Client for Meetings installed on the remote Windows host is prior to 4.6.19253.0401. It is, therefore, affected by the following vulnerabilities:

- A malicious party can use UNC links to leak a user's hashed password.

- Users can access chat in a webinar when chat is disabled.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Zoom Client for Meetings 4.6.19253.0401 or later.

See Also

http://www.nessus.org/u?774d8ec7

Plugin Details

Severity: Critical

ID: 135188

File Name: zoom_client_4_6_19253_0401.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 4/3/2020

Updated: 4/3/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Based on the vendor advisory.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/a:zoom:zoom_client_for_meetings, cpe:/a:zoom:zoom_cloud_meetings

Required KB Items: SMB/Registry/Enumerated, installed_sw/Zoom Client for Meetings

Patch Publication Date: 4/2/2020

Vulnerability Publication Date: 3/30/2020