CVE-2019-13449

Опубликовано: 09 июл. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421.

Ссылки

https://assets.zoom.us/docs/pdf/Zoom+Response+Video-On+Vulnerability.pdf
Vendor Advisory
https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/
Vendor Advisory
https://bugs.chromium.org/p/chromium/issues/detail?id=951540
Exploit
Third Party Advisory
https://medium.com/%40jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
https://twitter.com/zoom_us/status/1148710712241295361
Third Party Advisory
https://assets.zoom.us/docs/pdf/Zoom+Response+Video-On+Vulnerability.pdf
Vendor Advisory
https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/
Vendor Advisory
https://bugs.chromium.org/p/chromium/issues/detail?id=951540
Exploit
Third Party Advisory
https://medium.com/%40jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
https://twitter.com/zoom_us/status/1148710712241295361
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zoom:zoom:*:*:*:*:*:mac_os_x:*:*

Версия до 4.4.2 (исключая)

EPSS

Процентиль: 70%

0.00625

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-574r-4r9p-83rg