Workplace Desktop
CVE-2024-39827
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from Vendor (zoom) · only source for this CVE.
CVSS VectorVendor: zoom
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access.
AnalysisAI
Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. Affected products include: Zoom Workplace Desktop. Version information: version 6.0.10.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Workplace Desktop
View allUntrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network acce
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation o
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a p
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial o
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via
CVE-2025-46788 is an improper certificate validation vulnerability in Zoom Workplace for Linux versions before 6.4.13 th
Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to co
Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct
Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today