The U.S-sanctioned Positive Technologies has underscored three vulnerabilities in the zoom, Zoom vulnerability that can be used for crashing or hijacking on-prem parts of the video conferencing system.
One of the vulnerabilities is related to input validation which can be exploited by a zoom portal administration to implant and carry out random commands on the machine hosting the software.
For example, an HR’s, admin of the Zoom installation, work PC has been hijacked who with the help of this vulnerability gets an entry to an internal server system and scales up the attack from there.
CVE-2021-34414, the vulnerability was patched in September.
“You can often encounter zoom vulnerabilities of this class in apps to which server administration tasks have been delegated,” Positive Technologies researcher Egor Dimitrenko said of the vuln.
“This zoom vulnerability always leads to critical consequences and, in most instances, it results in intruders gaining full control over the corporate network infrastructure.
The biggest advantage of the on-premise option is that the meeting traffic remains within the host’s private cloud. Its three components are the On-Premise Meeting Connector, Virtual Room Connector, and Recording Connector.
The input validation flaw was exploited by Dimitrenko and his Positive Technologies comrades (as they stated) to gain server-level access. Two related holes, CVE-2021-34415 and CVE-2021-34416, could be exploited to crash Zoom.
The vulns affected:
- Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217
- Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217
- Zoom on-premise Recording Connector before version 18.104.22.16800905
- Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110
- Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326
If your organization has on-premise zoom deployment, please update zoom with the latest patch.