---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Critical Vulnerability in Zoom Products'
number: '2024-020'
version: '1.0'
original_date: 'February 13, 2024'
date: 'February 15, 2024'
---

_History:_

* _15/02/2024 --- v1.0 -- Initial publication_

# Summary

On February 13, 2024, Zoom released a security advisory [1] addressing one critical vulnerability. If exploited, this vulnerability allows an unauthenticated attacker to conduct privilege escalation on the target system via network access.

It is recommended to apply updates as soon as possible [2].

# Technical Details

The vulnerability `CVE-2024-24691`, with a CVSS score of 9.6, is due to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.

# Affected Products

This vulnerability impacts the following products:

- Zoom Desktop Client for Windows before version 5.16.5
- Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)
- Zoom Rooms Client for Windows before version 5.17.0
- Zoom Meeting SDK for Windows before version 5.16.5

# Recommendations

It is recommended to apply updates as soon as possible [2].

# References

[1]

[2]
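The version thresholds listed under Affected Products can be applied to a software inventory as follows. This is an added example, not part of the CERT-EU advisory or Zoom's tooling; the inventory entries are constructed, and the build-number suffix formats handled by `parse_version` are an assumption about how inventory tools report Zoom versions.

```python
import re

# Fixed versions taken from the "Affected Products" list of this advisory.
FIXED = {
    "Zoom Desktop Client for Windows": (5, 16, 5),
    "Zoom VDI Client for Windows": (5, 16, 10),
    "Zoom Rooms Client for Windows": (5, 17, 0),
    "Zoom Meeting SDK for Windows": (5, 16, 5),
}
# VDI releases the advisory explicitly excludes from the affected range.
VDI_EXCLUDED = {(5, 14, 14), (5, 15, 12)}


def parse_version(text):
    """Return (major, minor, patch) from '5.16.5', '5.16.5.24296' or
    '5.16.5 (24296)'; None if the string has no such prefix.
    The build-suffix formats are an assumption, not from the advisory."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def triage(product, version_text):
    """Classify one inventory entry against the advisory's thresholds."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown product"
    version = parse_version(version_text)
    if version is None:
        return "unparseable version"  # flag for manual review, never assume safe
    if product == "Zoom VDI Client for Windows" and version in VDI_EXCLUDED:
        return "not affected"
    # Integer tuples compare numerically, so 5.16.10 > 5.16.5
    # (a plain string comparison would order these the wrong way).
    return "affected" if version < fixed else "not affected"


# Constructed sample inventory: (hypothetical host, product, reported version).
SAMPLE = [
    ("ws-001", "Zoom Desktop Client for Windows", "5.16.2 (22807)"),
    ("ws-002", "Zoom Desktop Client for Windows", "5.16.10.26186"),
    ("vdi-01", "Zoom VDI Client for Windows", "5.15.12"),
    ("vdi-02", "Zoom VDI Client for Windows", "5.16.9"),
    ("room-1", "Zoom Rooms Client for Windows", "5.16.10"),
]

if __name__ == "__main__":
    for host, product, version in SAMPLE:
        print(f"{host}\t{product}\t{version}\t{triage(product, version)}")
```
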