Workplace Desktop
CVE-2024-39820
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access.
AnalysisAI
Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-427. Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. Affected products include: Zoom Workplace Desktop. Version information: version 6.0.10.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Workplace Desktop
View allUntrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network acce
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation o
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a p
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial o
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via
CVE-2025-46788 is an improper certificate validation vulnerability in Zoom Workplace for Linux versions before 6.4.13 th
Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to co
Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct
Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today