vulnerability

Zoom Zoom: CVE-2021-34420: Zoom Windows installation executable signature bypass

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Nov 9, 2021	Jan 8, 2025	Feb 9, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Nov 9, 2021

Added

Jan 8, 2025

Modified

Feb 9, 2026

Description

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer.Zoom addressed this issue in the 5.5.4 Zoom Client for Meetings for Windows release. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates fromhttps://zoom.us/download.

Solution

zoom-zoom-upgrade-latest

References

CVE-2021-34420
https://attackerkb.com/topics/CVE-2021-34420
URL-https://www.zoom.com/en/trust/security-bulletin/ZSB-21016
CWE-347

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today