CVE-2024-27244

Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.zoom.com/en/trust/security-bulletin/zsb-24015/	Vendor Advisory
https://www.zoom.com/en/trust/security-bulletin/zsb-24015/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*
	cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*

History

21 Aug 2025, 16:20

Type	Values Removed	Values Added
First Time		Zoom workplace Virtual Desktop Infrastructure Zoom
CPE		cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure::::::windows::*
References	~~() https://www.zoom.com/en/trust/security-bulletin/zsb-24015/ -~~	() https://www.zoom.com/en/trust/security-bulletin/zsb-24015/ - Vendor Advisory

Information

Published : 2024-05-15 21:15

Updated : 2025-08-21 16:20

NVD link : CVE-2024-27244

Mitre link : CVE-2024-27244

CVE.ORG link : CVE-2024-27244

JSON object : View

Products Affected

zoom

workplace_virtual_desktop_infrastructure

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2024-27244", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zoom.us", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-05-15T21:15:08.220", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24015/", "tags": ["Vendor Advisory"], "source": "security@zoom.us"}, {"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24015/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zoom.us", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access."}, {"lang": "es", "value": "Una verificaci\u00f3n insuficiente de la autenticidad de los datos en el instalador de la aplicaci\u00f3n Zoom Workplace VDI para Windows puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."}], "lastModified": "2025-08-21T16:20:43.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "42A0AA83-66B4-42FC-BBFA-EF365EB036CC", "versionEndExcluding": "5.15.0"}, {"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "9960288B-0929-40DF-A435-3D0897E688BC", "versionEndExcluding": "5.17.10", "versionStartIncluding": "5.16.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@zoom.us"}