New vulnerabilities allowed attackers to intercept Zoom meetings

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Exploiting these vulnerabilities, a remote attacker could also execute arbitrary code on the server using root-user privileges.

The cybersecurity researchers at Positive Technologies identified three vulnerabilities in several critical apps part of the Zoom video conferencing platform (both apps and tools). These include Zoom Virtual Room Connector, Zoom Meeting Connector Controller, and Zoom Recording Connector.

These vulnerabilities could have allowed hackers to intercept your Zoom meetings and target customer infrastructure. It is worth noting that Zoom’s video conferencing app is currently quite popular in the USA, with around 42.8% of the market share.

Details of Vulnerabilities and Affected Versions

The three vulnerabilities are tracked as CVE-2021-34414, CVE-2021-34415, and CVE-2021-34416. Exploiting these flaws, an attacker could have executed arbitrary code on the server using root-user privileges. The following on-premise Zoom apps are reportedly vulnerable:

Meeting Connector Controller up to version 4.6.348.20201217 Meeting Connector MMR up to version 4.6.348.20201217 Recording Connector up to version 3.8.42.20200905 Virtual

Read the article