CVE Radar


CVE-2024-42434

High Severity | Zoom
SVRS: 49
CVSSv3: 4.9
EPSS: 0.0028
Tags: No tags available
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Publication date: 2024-08-14
Last modified: 2025-10-07


Security Intelligence Brief

What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2024-42434, is characterized by missing authorization in specific Zoom products. It allows a privileged user to perform information disclosure through network access. This is significant because it could lead to unauthorized access to sensitive data within affected Zoom environments, potentially compromising confidentiality.
What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 4.9. This score typically places it in the Medium severity category. The vulnerability was published on 2024-08-14 at 16:39:38 UTC and was last modified on 2025-10-07 at 13:15:09 UTC.
Which products, vendors, systems, and versions are affected?
The affected products include:
  • Zoom Workplace Apps
  • Zoom SDKs
  • Zoom Rooms Clients
  • Zoom Rooms Controllers
The vendor is Zoom. Specific affected versions are not provided in the available data.
What is the technical root cause and attack vector?
The technical root cause of this vulnerability is a missing authorization mechanism (CWE-862). This flaw is compounded by potential information exposure (CWE-200). The attack vector involves a privileged user leveraging network access to exploit the missing authorization.
How can this vulnerability be exploited?
This vulnerability can be exploited by a privileged user who has network access to an affected Zoom product. By exploiting the missing authorization, the privileged user can conduct information disclosure. The specific methods of exploitation are not detailed beyond requiring network access and a privileged user status.
What mitigation steps and patches are available?
Specific mitigation steps or available patches are not detailed in the provided CVE data. Users are advised to monitor official Zoom security advisories for updates and remediation guidance.
How can vulnerable systems be detected?
Detailed methods for detecting vulnerable systems are not provided in the CVE data. Detection would typically involve identifying affected product versions, which are not specified here, and checking for the presence of the missing authorization flaw.
What are the indicators of compromise (IOCs)?
Specific Indicators of Compromise (IOCs) are not provided in the available CVE data. Organizations should monitor for unusual network activity or unauthorized access attempts related to their Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers.
Which threat actors are known to exploit this vulnerability?
There is no information provided in the CVE data regarding specific threat actors known to exploit CVE-2024-42434.
What public intelligence references and advisories exist?
The primary public intelligence reference for this issue is CVE-2024-42434. It is also categorized under the Common Weakness Enumerations (CWEs) CWE-862 (Missing Authorization) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
What is the risk assessment and urgency level?
Based on a CVSS score of 4.9, the risk assessment for CVE-2024-42434 is Medium. The urgency level is moderate, as it involves information disclosure requiring a privileged user and network access. However, the lack of specific version details and explicit patches means affected organizations should monitor vendor advisories closely and prepare for remediation once guidance is available.

No IOCs found for this CVE

No exploits found for this CVE


Configuration 1

| Type | Vendor | Product |
|---|---|---|
| App | Zoom | meeting_software_development_kit |
| App | Zoom | rooms_controller |
| App | Zoom | rooms |
| App | Zoom | workplace_desktop |
| App | Zoom | workplace_virtual_desktop_infrastructure |
| App | Zoom | workplace |

| Reference | Link |
|---|---|
| [email protected] | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 |

| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-862 | Missing Authorization | The software does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
