CVE-2024-45418

Summary

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.

Affected Software

VendorProductVersion RangeStatus
Zoom Communications, IncZoom Apps for macOS0 < 6.1.5affected

Weaknesses

  • CWE-61: CWE-61: UNIX Symbolic Link (Symlink) Following

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References