CVE-2024-45422 Overview
CVE-2024-45422 is an improper input validation vulnerability affecting multiple Zoom client and SDK products prior to version 6.2.0. An unauthenticated remote attacker can trigger a denial of service condition over the network by sending crafted input to a vulnerable Zoom application. The flaw is classified under [CWE-20: Improper Input Validation] and impacts availability without exposing confidentiality or integrity. Zoom disclosed the issue in security bulletin ZSB-24044.
Critical Impact
Unauthenticated network-based denial of service against Zoom Workplace, Zoom Rooms, Zoom Rooms Controller, and Zoom Meeting/Video SDKs running versions below 6.2.0.
Affected Products
- Zoom Workplace and Zoom Workplace Desktop (Windows, macOS, Linux, Android, iOS) before 6.2.0
- Zoom Rooms and Zoom Rooms Controller (Windows, macOS, Linux, iPadOS, Android) before 6.2.0
- Zoom Meeting SDK and Zoom Video SDK (Windows, macOS, Linux, Android, iOS) before 6.2.0
Discovery Timeline
- 2024-11-19 - CVE-2024-45422 published to NVD
- 2025-08-19 - Last updated in NVD database
Technical Details for CVE-2024-45422
Vulnerability Analysis
The vulnerability stems from improper input validation in network-facing components shared across the Zoom client family. A remote attacker can deliver malformed input to a vulnerable Zoom application without prior authentication. The application fails to correctly validate the input and enters a state that disrupts normal operation. The result is a denial of service that impacts availability of the Zoom client or service.
The flaw does not expose data or grant code execution. However, it can interrupt active meetings, kick endpoints offline, or render Zoom Rooms hardware unusable until restarted. Because the same input validation defect appears across the Workplace, Rooms, and SDK product lines, a single exploitation primitive may impact heterogeneous deployments.
Root Cause
The root cause is missing or insufficient validation of input received over the network path, mapped to [CWE-20]. Zoom does not disclose the precise parsing component in bulletin ZSB-24044. The fix is delivered by upgrading affected products to version 6.2.0 or later.
Attack Vector
Exploitation requires only network reachability to the targeted Zoom application. No user interaction and no credentials are required. An attacker sends crafted traffic to a vulnerable client or SDK-based application, causing the process to crash or hang. The attack vector is consistent across desktop, mobile, and SDK-embedded deployments running pre-6.2.0 builds.
No verified public proof-of-concept code is available for this CVE. Refer to the Zoom Security Bulletin ZSB-24044 for vendor-supplied technical context.
Detection Methods for CVE-2024-45422
Indicators of Compromise
- Unexpected crashes, hangs, or restarts of Zoom Workplace, Zoom Rooms, or SDK-based applications coinciding with inbound network traffic
- Repeated reconnection events or dropped sessions across multiple Zoom endpoints in a short time window
- Application crash dumps referencing Zoom client modules on hosts running versions earlier than 6.2.0
Detection Strategies
- Inventory installed Zoom Workplace, Rooms, Rooms Controller, Meeting SDK, and Video SDK versions, and flag any build below 6.2.0
- Correlate Zoom client crash telemetry with network flow data to identify potential exploitation attempts
- Monitor third-party applications that embed the Zoom Meeting SDK or Video SDK for version compliance
Monitoring Recommendations
- Forward endpoint application crash logs and Zoom client diagnostic logs to a centralized SIEM for correlation
- Alert on sudden spikes of Zoom client process terminations across the fleet, which can indicate active exploitation
- Track network connections between non-Zoom processes and Zoom clients or Zoom service endpoints, since such traffic can indicate an attacker probing the client
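To make the version check and the crash-spike alerting above concrete, here is an added Python example (not from the Zoom bulletin or any Zoom tool): it parses Zoom version strings, flags builds below 6.2.0, and clusters crash telemetry across hosts. The log lines, host names, and the five-minute/three-host thresholds are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

FIXED = (6, 2, 0)  # first fixed version per ZSB-24044

def parse_version(s):
    """Return the numeric (major, minor, patch) prefix of a Zoom version string."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", s)
    if not m:
        raise ValueError(f"unparseable version: {s!r}")
    return tuple(int(x) for x in m.groups())

def is_vulnerable(version):
    """True for any build below 6.2.0, regardless of product line."""
    return parse_version(version) < FIXED

# Constructed crash telemetry: "<UTC timestamp> <host> crash <process> <version>"
CRASH_LOG = """\
2024-11-20T09:00:05Z room-01 crash Zoom.exe 6.1.11
2024-11-20T09:00:41Z room-02 crash Zoom.exe 6.1.11
2024-11-20T09:01:12Z kiosk-03 crash ZoomRoomsController 5.17.5
2024-11-20T09:01:50Z room-04 crash Zoom.exe 6.1.11
2024-11-20T13:30:00Z laptop-17 crash Zoom.exe 6.2.0
"""

def crash_spikes(log=CRASH_LOG, window=timedelta(minutes=5), threshold=3):
    """Return (start, hosts) for windows in which at least `threshold` distinct
    hosts crashed a pre-6.2.0 build; windows are non-overlapping."""
    events = []
    for line in log.splitlines():
        ts, host, _, _, ver = line.split()
        if is_vulnerable(ver):  # crashes of patched builds are noise for this CVE
            events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host))
    events.sort()
    spikes, i = [], 0
    while i < len(events):
        start = events[i][0]
        covered = [(t, h) for t, h in events[i:] if t - start <= window]
        hosts = {h for _, h in covered}
        if len(hosts) >= threshold:
            spikes.append((start, sorted(hosts)))
            i += len(covered)  # skip events already reported in this window
        else:
            i += 1
    return spikes
```

Feed real crash telemetry in the same "timestamp host crash process version" shape and tune the window and threshold to the fleet size.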
How to Mitigate CVE-2024-45422
Immediate Actions Required
- Upgrade all Zoom Workplace, Zoom Workplace Desktop, Zoom Rooms, and Zoom Rooms Controller installations to version 6.2.0 or later
- Update embedded Zoom Meeting SDK and Zoom Video SDK dependencies in internally developed applications to 6.2.0 or later and redeploy
- Validate version compliance across Windows, macOS, Linux, Android, iOS, and iPadOS endpoints
Patch Information
Zoom addressed CVE-2024-45422 in version 6.2.0 of the affected products. Patch details and the full list of fixed components are documented in the Zoom Security Bulletin ZSB-24044.
Workarounds
- No vendor-supplied workaround is published; upgrading to a fixed version is the only supported remediation
- Restrict inbound network exposure of Zoom Rooms appliances and SDK-based services to trusted network segments where feasible
- Enforce automatic updates for Zoom Workplace clients through endpoint management tooling to ensure pre-6.2.0 builds are removed
# Configuration example: query installed Zoom client versions on Windows endpoints
# Covers 64-bit, 32-bit (WOW6432Node) and per-user (HKCU) uninstall keys, and flags builds below 6.2.0
$keys = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*",
        "HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*",
        "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*"
Get-ItemProperty $keys -ErrorAction SilentlyContinue |
  Where-Object { $_.DisplayName -like "Zoom*" } |
  Select-Object DisplayName, DisplayVersion, @{ n = 'Below620'; e = { $_.DisplayVersion -match '^(\d+\.\d+\.\d+)' -and [version]$matches[1] -lt [version]'6.2.0' } }
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.