CVE-2021-30480

Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:zoom:chat:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Sep 2021, 17:46

Type Values Removed Values Added
References (MISC) https://sector7.computest.nl/post/2021-08-zoom/ - (MISC) https://sector7.computest.nl/post/2021-08-zoom/ - Exploit, Third Party Advisory
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-971/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-971/ - Third Party Advisory, VDB Entry
References (MISC) https://explore.zoom.us/en/trust/security/security-bulletin/ - (MISC) https://explore.zoom.us/en/trust/security/security-bulletin/ - Vendor Advisory

23 Aug 2021, 18:15

Type Values Removed Values Added
References
  • (MISC) https://sector7.computest.nl/post/2021-08-zoom/ -
  • (MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-971/ -
  • (MISC) https://explore.zoom.us/en/trust/security/security-bulletin/ -

22 Apr 2021, 20:40

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:zoom:chat:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 9.0
v3 : 8.8
References (MISC) https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/ - (MISC) https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/ - Press/Media Coverage, Third Party Advisory
References (MISC) https://zoom.us/feature/messaging - (MISC) https://zoom.us/feature/messaging - Product, Vendor Advisory
References (MISC) https://twitter.com/thezdi/status/1379855435730149378 - (MISC) https://twitter.com/thezdi/status/1379855435730149378 - Third Party Advisory
References (MISC) https://twitter.com/thezdi/status/1379859851061395459 - (MISC) https://twitter.com/thezdi/status/1379859851061395459 - Third Party Advisory
References (MISC) https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/zoom-zero-day-discovery-makes-calls-safer-hackers-200000-richer/ - (MISC) https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/04/zoom-zero-day-discovery-makes-calls-safer-hackers-200000-richer/ - Third Party Advisory
References (MISC) https://www.securityweek.com/200000-awarded-zero-click-zoom-exploit-pwn2own - (MISC) https://www.securityweek.com/200000-awarded-zero-click-zoom-exploit-pwn2own - Press/Media Coverage, Third Party Advisory
CWE NVD-CWE-noinfo

09 Apr 2021, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-04-09 23:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-30480

Mitre link : CVE-2021-30480

CVE.ORG link : CVE-2021-30480


JSON object : View

Products Affected

microsoft

  • windows

apple

  • macos

zoom

  • chat