CVE-2024-27244

Published May 15, 2024

Last updated 8 months ago

CVSS medium 6.7
VDI

Overview

Description
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Source
security@zoom.us
NVD status
Analyzed
Products
workplace_virtual_desktop_infrastructure

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@zoom.us
CWE-347

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session MixupCVE-2026-4368
  2. Citrix NetScaler Out-of-Bounds Read VulnerabilityCVE-2026-3055
  3. Broadcom VMware Aria Operations Command Injection VulnerabilityCVE-2026-22719
  4. Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.CVE-2026-22769
  5. Microsoft Windows Improper Privilege Management VulnerabilityCVE-2026-21533

References

Sources include official advisories and independent security research.