CVE-2024-42434: 
Zoom Client vulnerability analysis and mitigation

CVE-2024-42434 is a sensitive information disclosure vulnerability affecting various Zoom products including Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The vulnerability was discovered and disclosed on August 14, 2024, and affects multiple versions of Zoom software products before version 6.1.0. This security issue could potentially allow privileged users to access sensitive information through network access (NVD, Zoom Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium severity) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. This scoring indicates that the vulnerability requires network access and high privileges to exploit, but no user interaction is needed. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD, Zoom Advisory).

The vulnerability allows privileged users to conduct information disclosure through network access. The high confidentiality impact (C:H) in the CVSS score indicates that the vulnerability could lead to the disclosure of sensitive information, though it does not affect system integrity or availability (NVD).

Zoom has addressed this vulnerability by releasing version 6.1.0 for affected products. Users are advised to update their Zoom software to the latest version available at zoom.us/download. The fix has been implemented across multiple platforms including Windows, macOS, Linux, iOS, and Android versions of the affected products (Zoom Advisory).