Vulnerability Details CVE-2021-34415
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
Products affected by CVE-2021-34415
-
cpe:2.3:a:zoom:meeting_connector:1.0.23635.0520
-
cpe:2.3:a:zoom:meeting_connector:1.0.23635.0911
-
cpe:2.3:a:zoom:meeting_connector:1.0.31398.1104
-
cpe:2.3:a:zoom:meeting_connector:1.0.34775.1213
-
cpe:2.3:a:zoom:meeting_connector:2.5.863.0609
-
cpe:2.3:a:zoom:meeting_connector:3.6.43993.0312
-
cpe:2.3:a:zoom:meeting_connector:4.0.74356.1206
-
cpe:2.3:a:zoom:meeting_connector:4.3.114891.1123
-
cpe:2.3:a:zoom:meeting_connector:4.3.134251.1029
-
cpe:2.3:a:zoom:meeting_connector:4.3.36476.0327
-
cpe:2.3:a:zoom:meeting_connector:4.3.98838.1114
-
cpe:2.3:a:zoom:meeting_connector:4.5.201900.0926
-
cpe:2.3:a:zoom:meeting_connector:4.5.546.20200116
-
cpe:2.3:a:zoom:meeting_connector:4.6.148.20200430
-
cpe:2.3:a:zoom:meeting_connector:4.6.159.20200505
-
cpe:2.3:a:zoom:meeting_connector:4.6.239.20200613
-
cpe:2.3:a:zoom:meeting_connector:4.6.327.20200724
-
cpe:2.3:a:zoom:meeting_connector:4.6.348.20201217