Vulnerability CVE-2021-34418


Published: 2021-11-11   Modified: 2021-11-12

Description:
The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating. This could lead to a crash of the login service.

Type:
CWE-476 (NULL Pointer Dereference)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software:
ZOOM -> Zoom on-premise meeting connector controller 
ZOOM -> Zoom on-premise meeting connector mmr 
ZOOM -> Zoom on-premise recording connector 
ZOOM -> Zoom on-premise virtual room connector 
ZOOM -> Zoom on-premise virtual room connector load balancer 

References:
https://explore.zoom.us/en/trust/security/security-bulletin
