Unverified cnt Field in Zoom On-Premise Meeting Connector Controller Leads to Resource Exhaustion and System Crash

Unverified cnt Field in Zoom On-Premise Meeting Connector Controller Leads to Resource Exhaustion and System Crash

CVE-2021-34415 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash.

Learn more about our Cis Benchmark Audit For Zoom.