Zoom On Premise Meeting Connector Controller
CVE-2021-34418
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating. This could lead to a crash of the login service.
AnalysisAI
The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating. This could lead to a crash of the login service. Affected products include: Zoom Zoom On-Premise Meeting Connector Controller, Zoom Zoom On-Premise Meeting Connector Mmr, Zoom Zoom On-Premise Recording Connector, Zoom Zoom On-Premise Virtual Room Connector, Zoom Zoom On-Premise Virtual Room Connector Load Balancer. Version information: version 4.6.239.20200613.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connecto
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before vers
The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.202
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today