Privilege Escalation Vulnerability in Zoom Client for Windows

Privilege Escalation Vulnerability in Zoom Client for Windows

CVE-2021-34408 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable directory used and a non-user writable directory.

Learn more about our Cis Benchmark Audit For Zoom.