1. Home
  2. CVE Database
  3. CVE-2021-34409
HIGH · 7.8

CVE-2021-34409

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad bef...

Vulnerability Description

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ZoomMeetings< 5.2.0
ZoomRooms< 5.1.0
ZoomScreen Sharing< 5.2.0

Related Weaknesses (CWE)

CWE-732

References

FAQ

What is CVE-2021-34409?

CVE-2021-34409 is a vulnerability with a CVSS score of 7.8 (HIGH). It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad bef...

How severe is CVE-2021-34409?

CVE-2021-34409 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-34409?

Check the references section above for vendor advisories and patch information. Affected products include: Zoom Meetings, Zoom Rooms, Zoom Screen Sharing.