CVE-2021-34423

Published: 24/11/2021 Updated: 29/04/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A buffer overflow vulnerability exists in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. 
This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.

Vulnerable Product

zoom meetings

zoom meetings_for_blackberry

zoom meetings_for_intune

zoom meetings for chrome os

zoom rooms_for_conference_rooms

zoom controllers_for_zoom_rooms

zoom virtual desktop infrastructure

zoom windows meeting sdk

zoom macos meeting sdk

zoom iphone os meeting sdk

zoom android meeting sdk

zoom windows video sdk

zoom iphone os video sdk

zoom macos video sdk

zoom android video sdk

zoom hybrid mmr

zoom hybrid zproxy

zoom zoom on-premise meeting connector controller

zoom zoom on-premise virtual room connector

zoom zoom on-premise recording connector

zoom zoom on-premise virtual room connector load balancer

zoom zoom on-premise meeting connector mmr

zoom vdi vmware

zoom vdi citrix

zoom vdi azure virtual desktop

zoom vdi windows meeting client

Github Repositories

nuclei scanner for proxyshell ( CVE-2021-34473 )

Proxyshell-Scanner: nuclei scanner for Proxyshell RCE (CVE-2021-34423,CVE-2021-34473,CVE-2021-31207) discovered by Orange Tsai in Pwn2Own, which affect Microsoft Exchange Server. POC Resource: blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html blog.orange.tw/2021/08/proxyoracle-a-new-attack-surface-on-ms-exchange-part-2.html https:/

CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability

ProxyShell (CVE-2021-34473). CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability. This faulty URL normalization lets us access an arbitrary backend URL while running as the Exchange Server machine account. Although this bug is not as powerful as the SSRF in ProxyLogon, and we could manipulate only the path part of the URL, it’s still powerful enoug