Vulnerability Details CVE-2021-34420
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.2%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 4.3
References
- https://explore.zoom.us/en/trust/security/security-bulletin
- https://medium.com/manomano-tech/a-red-team-operation-leveraging-a-zero-day-vulnerability-in-zoom-80f57fb0822e
- https://explore.zoom.us/en/trust/security/security-bulletin
- https://medium.com/manomano-tech/a-red-team-operation-leveraging-a-zero-day-vulnerability-in-zoom-80f57fb0822e
Products affected by CVE-2021-34420
-
cpe:2.3:a:zoom:zoom_client_for_meetings:*