Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-28133

Published: 18/03/2021 Updated: 26/03/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Zoom

Vulnerability Summary

Zoom up to and including 5.5.4 sometimes allows malicious users to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.

Most Upvoted Vulmon Research Post
Vulmon 💬 CVE-2021-28133

Zoom Unintended Screen Sharing Vulnerability POC:

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zoom zoom

Mailing Lists

Packetstorm: Zoom 5.4.3 (54779.1115) / 5.5.4 (13142.0301) Information Disclosure
Zoom versions 543 (547791115) and 554 (131420301) temporarily shares other application windows not in scope for sharing ...
Full Disclosure: [SYSS-2020-044]: Zoom - Exposure of Resource to Wrong Sphere (CWE-668) (CVE-2021-28133)
Advisory ID: SYSS-2020-044 Product: Zoom Manufacturer: Zoom Video Communications, Inc Affected Version(s): 543 (547791115) 554 (131420301) Tested Version(s): 543 (547791115) 554 (131420301) Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668) Risk Level: Medium Solution Status: Open ...

Recent Articles

Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data
Threatpost • Lindsey O'Donnell • 18 Mar 2021

A security blip in the current version of Zoom could inadvertently leak users’ data to other meeting participants on a call. However, the data is only leaked briefly, making a potential attack difficult to carry out.
The flaw (CVE-2021-28133) stems from a glitch in the screen sharing function of video conferencing platform Zoom. This function allows users to share the contents of their screen with other participants in a Zoom conferencing call. They have the option to share their entire ...

Read more...

References

CWE-200http://packetstormsecurity.com/files/161897/Zoom-5.4.3-54779.1115-5.5.4-13142.0301-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2021/Mar/48https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.htmlhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txthttps://www.syss.de/pentest-blog/syss-2020-044-sicherheitsproblem-in-screen-sharing-funktionalitaet-von-zoom-cve-2021-28133https://www.youtube.com/watch?v=SonmmgQlLzghttps://zoom.us/trust/security/security-bulletinhttps://nvd.nist.govhttps://packetstormsecurity.com/files/161897/Zoom-5.4.3-54779.1115-5.5.4-13142.0301-Information-Disclosure.htmlhttps://threatpost.com/zoom-glitch-leaks-data/164876/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-20788insecure direct object referenceCVE-2021-3490CVE-2020-18013CVE-2021-37595HTML injectionCVE-2021-33909authentication bypassCVE-2021-22521
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook