CVE-2024-45424: 
Zoom Rooms vulnerability analysis and mitigation

A business logic error was discovered in various Zoom Workplace Apps that could allow unauthorized information disclosure through network access. The vulnerability (CVE-2024-45424) was reported by researchers Seungwon Woo (ETRI, KAIST), Wonho Song (KAIST), and Min Suk Kang (KAIST). The issue was initially published on September 10, 2024, with a CVSS v3.1 base score of 5.3 (Medium) (Zoom Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed. The National Vulnerability Database (NVD) assessment rated it with a higher base score of 7.5 (High), while Zoom's internal assessment rated it at 5.3 (Medium) (NVD).

The vulnerability affects the confidentiality of information, potentially allowing unauthorized users to access sensitive data through network access. The impact is limited to information disclosure, with no direct effect on system integrity or availability (Zoom Advisory).

Users are advised to update to version 6.1.0 or later of affected Zoom applications. This includes Zoom Workplace Desktop Apps for Windows, macOS, and Linux, Zoom Workplace VDI Client for Windows (version 6.1.10), mobile apps, Meeting SDKs, Rooms Apps, and Controller applications. Updates are available through the official Zoom download center (Zoom Advisory).