CVE-2024-27240

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-24019	Vendor Advisory
https://www.zoom.com/en/trust/security-bulletin/zsb-24019	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:rooms::::::windows::*
	cpe:2.3:a:zoom:workplace_desktop::::::windows::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*

History

05 Aug 2025, 13:40

Type	Values Removed	Values Added
CPE		cpe:2.3:a:zoom:rooms::::::windows::* cpe:2.3:a:zoom:workplace_desktop::::::windows::* cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*
First Time		Zoom Zoom workplace Desktop Zoom workplace Virtual Desktop Infrastructure Zoom rooms
References	~~() https://www.zoom.com/en/trust/security-bulletin/zsb-24019 -~~	() https://www.zoom.com/en/trust/security-bulletin/zsb-24019 - Vendor Advisory

21 Nov 2024, 09:04

Type	Values Removed	Values Added
References	~~() https://www.zoom.com/en/trust/security-bulletin/zsb-24019 -~~	() https://www.zoom.com/en/trust/security-bulletin/zsb-24019 -

16 Jul 2024, 13:43

Type	Values Removed	Values Added
Summary		(es) Una validación de entrada incorrecta en el instalador de algunas aplicaciones de Zoom para Windows puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso local.

15 Jul 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-15 18:15

Updated : 2025-08-05 13:40

NVD link : CVE-2024-27240

Mitre link : CVE-2024-27240

CVE.ORG link : CVE-2024-27240

JSON object : View

Products Affected

zoom

workplace_desktop
rooms
workplace_virtual_desktop_infrastructure

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-27240", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zoom.us", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-07-15T18:15:03.873", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24019", "tags": ["Vendor Advisory"], "source": "security@zoom.us"}, {"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24019", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zoom.us", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access."}, {"lang": "es", "value": "Una validaci\u00f3n de entrada incorrecta en el instalador de algunas aplicaciones de Zoom para Windows puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."}], "lastModified": "2025-08-05T13:40:27.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "66948E12-ED01-44A2-B0B0-A2C8C643ACFB", "versionEndExcluding": "6.0.0"}, {"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "C0CD4E04-F0AA-4BBA-90F7-4C350834177F", "versionEndExcluding": "6.0.0"}, {"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "9865654B-CA09-4D71-AA0B-9546860AA9FC", "versionEndExcluding": "5.17.13"}], "operator": "OR"}]}], "sourceIdentifier": "security@zoom.us"}