Описание
Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.8.20220419.112 (исключая)
cpe:2.3:a:zoom:meeting_connector:*:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00643
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-121
CWE-787
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code.
EPSS
Процентиль: 70%
0.00643
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-121
CWE-787