CVE-2024-24695: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation

6.8 CVSS

Description

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.

Classification

CVE ID: CVE-2024-24695

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Problem Types

CWE-20 Improper Input Validation

Affected Products

Vendor: Zoom Video Communications, Inc.

Product: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.15% (probability of being exploited)

EPSS Percentile: 36.99% (scored less or equal to compared to others)

EPSS Date: 2025-04-20 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-24695
https://www.zoom.com/en/trust/security-bulletin/ZSB-24002/

Timeline

2025-04-10 19:40:11 UTC
CVE

Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation