vulnerability

Zoom: CVE-2018-15715: Zoom Message Spoofing

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Nov 30, 2018	Dec 27, 2018	Apr 24, 2019

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Nov 30, 2018

Added

Dec 27, 2018

Modified

Apr 24, 2019

Description

A flaw in Zoom's thick client allows attackers to hijack control of presenters’ desktops, spoof chat messages, and kick attendees out of Zoom calls. The flaw is due to the lack of message validation. An attacker can spoof Zoom server messages to invoke restricted functionalities reserved for Zoom servers.

Solution(s)

zoom-windows-upgrade-4_1_34460_1105zoom-mac-upgrade-4_1_34475_1105zoom-linux-upgrade-2_5_146186_1130zoom-chrome-upgrade-3_3_1635_1130

References

CVE-2018-15715
https://attackerkb.com/topics/CVE-2018-15715
URL-https://support.zoom.us/hc/en-us/articles/360020436071-Security-CVE-2018-15715

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today