CVE-2021-28133 — MEDIUM (4.3)

Q: How severe is CVE-2021-28133?

CVE-2021-28133 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-28133?

Check the references section above for vendor advisories and patch information. Affected products include: Zoom Zoom.

Vulnerability Description

Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Zoom	Zoom	<= 5.5.4

Related Weaknesses (CWE)

CWE-200

References

http://packetstormsecurity.com/files/161897/Zoom-5.4.3-54779.1115-5.5.4-13142.03Third Party Advisory
http://seclists.org/fulldisclosure/2021/Mar/48Third Party Advisory
https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.htmlThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.tThird Party Advisory
https://www.syss.de/pentest-blog/syss-2020-044-sicherheitsproblem-in-screen-sharThird Party Advisory
https://www.youtube.com/watch?v=SonmmgQlLzgThird Party Advisory
https://zoom.us/trust/security/security-bulletinVendor Advisory
http://packetstormsecurity.com/files/161897/Zoom-5.4.3-54779.1115-5.5.4-13142.03Third Party Advisory
http://seclists.org/fulldisclosure/2021/Mar/48Third Party Advisory
https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.htmlThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.tThird Party Advisory
https://www.syss.de/pentest-blog/syss-2020-044-sicherheitsproblem-in-screen-sharThird Party Advisory
https://www.youtube.com/watch?v=SonmmgQlLzgThird Party Advisory
https://zoom.us/trust/security/security-bulletinVendor Advisory

FAQ

What is CVE-2021-28133?

CVE-2021-28133 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user ...

How severe is CVE-2021-28133?

CVE-2021-28133 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-28133?

Check the references section above for vendor advisories and patch information. Affected products include: Zoom Zoom.