CVE-2024-39819: 
Zoom Rooms vulnerability analysis and mitigation

Improper privilege management vulnerability (CVE-2024-39819) affects the installer for some Zoom Workplace Apps and SDKs for Windows. The vulnerability was discovered and disclosed in July 2024, impacting multiple Zoom products including Zoom Workplace Desktop App for Windows before version 6.0.10, Zoom Rooms App for Windows before version 5.17.13, and Zoom Meeting SDK for Windows before version 6.0.10 (Zoom Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 6.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, high attack complexity, low privileges, and user interaction. The vulnerability is classified under CWE-269 (Improper Privilege Management) (NVD).

If exploited, this vulnerability could allow an authenticated user with local access to perform privilege escalation on the affected system. The high impact scores for confidentiality, integrity, and availability (C:H/I:H/A:H) suggest potential significant consequences if successfully exploited (Zoom Bulletin).

Users are advised to update to the latest versions of affected products: Zoom Workplace Desktop App for Windows version 6.0.10 or later, Zoom Rooms App for Windows version 5.17.13 or later, and Zoom Meeting SDK for Windows version 6.0.10 or later. Updates can be obtained from the official Zoom download page (Zoom Bulletin).

The vulnerability was reported by security researcher sim0nsecurity, and Zoom has acknowledged and addressed the issue through their security bulletin program (Zoom Bulletin).