A critical flaw in Zoom Clients allows attackers to escalate privileges


A vulnerability categorized as improper input validation was discovered in Zoom Clients for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. This flaw could potentially enable an authenticated attacker to access sensitive information on the system via the network.

All about the Zoom clients vulnerability

The Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows are affected by a critical privilege escalation vulnerability (CVE-2024-24691) with a CVSS score of 9.6.

According to Zoom Offensive Security’s findings, the vulnerability is highly severe and can be exploited with a relatively low level of complexity.

The CVSS vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) offers additional insight into the vulnerability: it is exploitable over the network (AV:N) with low attack complexity (AC:L) by an attacker who holds no prior privileges (PR:N), although it does require user interaction (UI:R), and a successful exploit affects components beyond the vulnerable one (S:C). The impact on the system’s confidentiality, integrity, and availability is rated high in all three dimensions.

It arises from the application’s lack of validation for user inputs, allowing malicious actors to exploit this weakness by sending specially crafted data packets over the network.


If the application processes this data without proper validation, it can initiate unintended actions and potentially enable attackers to escalate their privileges, granting them complete control over the compromised system.

With such access, attackers could pilfer sensitive data, implant malicious software, disrupt crucial operations, or exploit the compromised system as a springboard for additional attacks.

Affected Products:

Zoom has issued a warning regarding a critical vulnerability (CVE-2024-24691) affecting Zoom Desktop Client and Zoom VDI Client for Windows. Versions preceding 5.16.5 for Desktop Client and 5.16.10 for VDI Client (excluding specific exceptions) are vulnerable.

This flaw enables unauthenticated attackers on the network to escalate privileges, potentially compromising the entire system. It is crucial to immediately upgrade to versions 5.16.5 (Desktop) or 5.16.10 (VDI, except the mentioned exceptions) using the provided link.

Furthermore, Zoom has identified a critical vulnerability (CVE-2024-24691) in Zoom Rooms Client for Windows versions older than 5.17.0 and Zoom Meeting SDK for Windows versions before 5.16.5.
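A fleet check is the practical follow-up to the version list above. The following is an added example (not the article's or Zoom's code) that compares inventoried Zoom installs against the fixed versions named in the advisory. The inventory rows are constructed sample data; the thresholds are the ones the article states. Versions are compared as integer tuples rather than strings, since a plain string comparison would rank "5.9.0" above "5.16.5". The VDI exceptions the advisory mentions are not enumerated here, so any VDI hit should be cross-checked against Zoom's bulletin before being treated as confirmed.

```python
from typing import Dict, List, Tuple

# Earliest fixed version per product, as stated in the advisory.
FIXED_VERSIONS: Dict[str, str] = {
    "Zoom Desktop Client for Windows": "5.16.5",
    "Zoom VDI Client for Windows": "5.16.10",   # advisory notes unspecified exceptions
    "Zoom Rooms Client for Windows": "5.17.0",
    "Zoom Meeting SDK for Windows": "5.16.5",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """'5.16.10' -> (5, 16, 10); comparing tuples avoids string-order bugs."""
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable(product: str, version: str) -> bool:
    """True when the install is older than the fixed version for its product.
    Unknown products are reported as not affected by this advisory."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return False
    return parse_version(version) < parse_version(fixed)


def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the inventory rows that still need the upgrade."""
    return [row for row in inventory
            if is_vulnerable(row["product"], row["version"])]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "ws-001", "product": "Zoom Desktop Client for Windows", "version": "5.16.2"},
    {"host": "ws-002", "product": "Zoom Desktop Client for Windows", "version": "5.16.5"},
    {"host": "ws-003", "product": "Zoom Desktop Client for Windows", "version": "5.9.0"},
    {"host": "vdi-01", "product": "Zoom VDI Client for Windows", "version": "5.16.9"},
    {"host": "room-1", "product": "Zoom Rooms Client for Windows", "version": "5.17.0"},
    {"host": "build-7", "product": "Zoom Meeting SDK for Windows", "version": "5.16.4"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['host']}: {row['product']} {row['version']} "
              f"-> upgrade to {FIXED_VERSIONS[row['product']]}")
```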


About the Author:

FirstHackersNews
