CVE-2021-34424

Process memory exposure in Zoom Client and other products

Description

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory.

Category

7.5
CVSS
Severity: High
CVSS 3.1 •
CVSS 3.0 •
CVSS 2.0 •
EPSS 0.40%
Vendor Advisory zoom.us
Affected: Zoom Video Communications Inc Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)
Affected: Zoom Video Communications Inc Zoom Client for Meetings for Blackberry (for Android and iOS)
Affected: Zoom Video Communications Inc Zoom Client for Meetings for intune (for Android and iOS)
Affected: Zoom Video Communications Inc Zoom Client for Meetings for Chrome OS
Affected: Zoom Video Communications Inc Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows)
Affected: Zoom Video Communications Inc Controllers for Zoom Rooms (for Android, iOS, and Windows)
Affected: Zoom Video Communications Inc Zoom VDI Windows Meeting Client
Affected: Zoom Video Communications Inc Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64)
Affected: Zoom Video Communications Inc Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS)
Affected: Zoom Video Communications Inc Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS)
Affected: Zoom Video Communications Inc Zoom Meeting SDK for Android
Affected: Zoom Video Communications Inc Zoom Meeting SDK for iOS
Affected: Zoom Video Communications Inc Zoom Meeting SDK for macOS
Affected: Zoom Video Communications Inc Zoom Meeting SDK for Windows
Affected: Zoom Video Communications Inc Zoom Video SDK (for Android, iOS, macOS, and Windows)
Affected: Zoom Video Communications Inc Zoom on-premise Meeting Connector
Affected: Zoom Video Communications Inc Zoom on-premise Meeting Connector MMR
Affected: Zoom Video Communications Inc Zoom on-premise Recording Connector
Affected: Zoom Video Communications Inc Zoom on-premise Virtual Room Connector
Affected: Zoom Video Communications Inc Zoom on-premise Virtual Room Connector Load Balancer
Affected: Zoom Video Communications Inc Zoom Hybrid Zproxy
Affected: Zoom Video Communications Inc Zoom Hybrid MMR
Published at:
Updated at:

References

Link Tags
https://explore.zoom.us/en/trust/security/security-bulletin vendor advisory
http://packetstormsecurity.com/files/165419/Zoom-MMR-Server-Information-Leak.html vdb entry third party advisory

Frequently Asked Questions

What is the severity of CVE-2021-34424?
CVE-2021-34424 has been scored as a high severity vulnerability.
How to fix CVE-2021-34424?
To fix CVE-2021-34424, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-34424 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-34424 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-34424?
CVE-2021-34424 affects Zoom Video Communications Inc Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows), Zoom Video Communications Inc Zoom Client for Meetings for Blackberry (for Android and iOS), Zoom Video Communications Inc Zoom Client for Meetings for intune (for Android and iOS), Zoom Video Communications Inc Zoom Client for Meetings for Chrome OS, Zoom Video Communications Inc Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows), Zoom Video Communications Inc Controllers for Zoom Rooms (for Android, iOS, and Windows), Zoom Video Communications Inc Zoom VDI Windows Meeting Client, Zoom Video Communications Inc Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64), Zoom Video Communications Inc Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS), Zoom Video Communications Inc Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS), Zoom Video Communications Inc Zoom Meeting SDK for Android, Zoom Video Communications Inc Zoom Meeting SDK for iOS, Zoom Video Communications Inc Zoom Meeting SDK for macOS, Zoom Video Communications Inc Zoom Meeting SDK for Windows, Zoom Video Communications Inc Zoom Video SDK (for Android, iOS, macOS, and Windows), Zoom Video Communications Inc Zoom on-premise Meeting Connector, Zoom Video Communications Inc Zoom on-premise Meeting Connector MMR, Zoom Video Communications Inc Zoom on-premise Recording Connector, Zoom Video Communications Inc Zoom on-premise Virtual Room Connector, Zoom Video Communications Inc Zoom on-premise Virtual Room Connector Load Balancer, Zoom Video Communications Inc Zoom Hybrid Zproxy, Zoom Video Communications Inc Zoom Hybrid MMR.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.