How severe is CVE-2024-24691?

Critical severity. CVSS v3 base score is 9.6 out of 10.

Is CVE-2024-24691 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Zoom Video Communications, Inc. Desktop Client For Windows, Vdi And Meeting Sdk Windows

CVE-2024-24691

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

EPSS: 0.003 (56.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Zoom Video Communications, Inc. Desktop Client For Windows, Vdi And Meeting Sdk Windows — versions see references

Weakness classification (CWE)

CWE-176

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.zoom.com/en/trust/security-bulletin/ZSB-24008/

Frequently asked questions

What is CVE-2024-24691?: CVE-2024-24691 is a critical-severity vulnerability in Zoom Video Communications, Inc. Desktop Client For Windows, Vdi And Meeting Sdk Windows, classified under CWE-176. CVSS score: 9.6/10. Published 2024-02-14.
How severe is CVE-2024-24691?: Critical severity. CVSS v3 base score is 9.6 out of 10.
Is CVE-2024-24691 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.