CVE-2021-30480 — HIGH (8.5)

Q: How severe is CVE-2021-30480?

CVE-2021-30480 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-30480?

Check the references section above for vendor advisories and patch information. Affected products include: Zoom Chat, Apple Macos, Microsoft Windows.

Vulnerability Description

Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.

CVSS Score

8.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zoom	Chat	<= 2021-04-09
Apple	Macos	-
Microsoft	Windows	-

References

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/zoom-zero-dayThird Party Advisory
https://explore.zoom.us/en/trust/security/security-bulletin/Vendor Advisory
https://sector7.computest.nl/post/2021-08-zoom/ExploitThird Party Advisory
https://twitter.com/thezdi/status/1379855435730149378Third Party Advisory
https://twitter.com/thezdi/status/1379859851061395459Third Party Advisory
https://www.securityweek.com/200000-awarded-zero-click-zoom-exploit-pwn2ownPress/Media CoverageThird Party Advisory
https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-ePress/Media CoverageThird Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-971/Third Party AdvisoryVDB Entry
https://zoom.us/feature/messagingProductVendor Advisory
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/zoom-zero-dayThird Party Advisory
https://explore.zoom.us/en/trust/security/security-bulletin/Vendor Advisory
https://sector7.computest.nl/post/2021-08-zoom/ExploitThird Party Advisory
https://twitter.com/thezdi/status/1379855435730149378Third Party Advisory
https://twitter.com/thezdi/status/1379859851061395459Third Party Advisory
https://www.securityweek.com/200000-awarded-zero-click-zoom-exploit-pwn2ownPress/Media CoverageThird Party Advisory

FAQ

What is CVE-2021-30480?

CVE-2021-30480 is a vulnerability with a CVSS score of 8.5 (HIGH). Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or...

How severe is CVE-2021-30480?

CVE-2021-30480 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-30480?

Check the references section above for vendor advisories and patch information. Affected products include: Zoom Chat, Apple Macos, Microsoft Windows.