CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-18822

A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be replaced by a Trojan horse.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-18822-PrivEscal-ZoomCallRecording
https://www.zoomint.com/solutions/call-recording
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-18822-PrivEscal-ZoomCallRecording
https://www.zoomint.com/solutions/call-recording

Products affected by CVE-2019-18822

Eleveo » Call Recording » Version: 6.3.1

cpe:2.3:a:eleveo:call_recording:6.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18822

Products

Pricing

Contact Us