CVE-2024-24691: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation

9.6 CVSS

Description

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

Classification

CVE ID: CVE-2024-24691

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.6

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem Types

CWE-176: Improper Handling of Unicode Encoding

Affected Products

Vendor: Zoom Video Communications, Inc.

Product: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.34% (probability of being exploited)

EPSS Percentile: 56.3% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-24691
https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/

Timeline

2025-05-12 16:40:14 UTC
CVE

Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation