CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-24697: Zoom Clients - Untrusted Search Path
7.2
CVSS
Description
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
Classification
CVE ID: CVE-2024-24697
CVSS Base Severity: HIGH
CVSS Base Score: 7.2
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Problem Types
CWE-426 Untrusted Search PathAffected Products
Vendor: Zoom Video Communications, Inc.
Product: Zoom Clients
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 12.4% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-24697https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/