CVE-2024-45424 Overview
CVE-2024-45424 is a business logic error affecting multiple Zoom Workplace applications and related products. The flaw allows an unauthenticated remote attacker to obtain sensitive information through network access without user interaction. Zoom disclosed the issue in security bulletin ZSB-24036 and assigned it to the [CWE-840] business logic errors category.
The vulnerability impacts Zoom Workplace clients, Zoom Rooms, Zoom Rooms Controller, the Meeting Software Development Kit (SDK), and Virtual Desktop Infrastructure (VDI) builds across Windows, macOS, Linux, Android, iOS, and iPadOS. Because exploitation requires neither credentials nor user interaction, organizations running unpatched Zoom clients face direct exposure of confidential meeting-related data.
Critical Impact
An unauthenticated attacker with network access can disclose sensitive information from Zoom Workplace applications without requiring user interaction or privileges.
Affected Products
- Zoom Workplace and Zoom Workplace Desktop (Windows, macOS, Linux, Android, iOS)
- Zoom Rooms and Zoom Rooms Controller (Windows, macOS, Linux, Android, iPadOS)
- Zoom Meeting SDK and Zoom Workplace VDI (Windows)
Discovery Timeline
- 2025-02-25 - CVE-2024-45424 published to the National Vulnerability Database (NVD)
- 2025-03-05 - Last updated in NVD database
Technical Details for CVE-2024-45424
Vulnerability Analysis
The vulnerability is classified under [CWE-840] (Business Logic Errors). Unlike memory corruption or injection flaws, business logic errors stem from incorrect assumptions in the application's workflow or state model. In this case, certain Zoom Workplace components fail to enforce expected access controls on information returned through the network interface.
An unauthenticated attacker reachable over the network can interact with the affected component and trigger logic paths that return data intended to be protected. The integrity and availability of the system are not affected, but confidential information is exposed.
The issue affects a wide product surface including desktop clients, mobile apps, SDK-based applications, and Zoom Rooms hardware controllers. This breadth indicates the defective logic resides in a shared component or protocol handler used across the Zoom Workplace product family.
Root Cause
The root cause is improper enforcement of business rules governing information access. The affected applications process network-reachable requests without applying the authorization checks the workflow assumes are present. As a result, sensitive data flows back to unauthenticated callers.
Attack Vector
Exploitation occurs over the network with low complexity and no privileges. An attacker sends crafted requests to a vulnerable Zoom client or component and receives information that should require authentication. No social engineering or user interaction is required on the victim side.
No public proof-of-concept code or exploit has been published. Zoom has not reported in-the-wild exploitation, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog. Technical specifics of the disclosed information are not detailed in the public advisory.
Detection Methods for CVE-2024-45424
Indicators of Compromise
- Unexpected outbound or inbound network connections to Zoom client processes from unknown hosts.
- Anomalous queries to Zoom-related ports or local services on endpoints running Zoom Workplace.
- Zoom client builds present in the environment that predate the fixes referenced in ZSB-24036.
Detection Strategies
- Inventory all Zoom Workplace, Zoom Rooms, Zoom Rooms Controller, and Meeting SDK installations and compare versions against the fixed builds listed in Zoom Security Bulletin ZSB-24036.
- Hunt for unauthenticated network requests directed at Zoom client listeners on endpoints and Zoom Rooms appliances.
- Correlate process telemetry from Zoom binaries with unusual network peers to identify reconnaissance activity.
Monitoring Recommendations
- Monitor endpoint and Zoom Rooms hosts for inbound connections from non-corporate sources.
- Alert on Zoom client versions below the patched releases identified in ZSB-24036.
- Capture and review egress logs from systems running the Zoom Meeting SDK or VDI plugin for unexpected data transfers.
How to Mitigate CVE-2024-45424
Immediate Actions Required
- Update all Zoom Workplace, Zoom Workplace Desktop, Zoom Rooms, Zoom Rooms Controller, Zoom Meeting SDK, and Zoom Workplace VDI installations to the fixed versions documented in Zoom Security Bulletin ZSB-24036.
- Enable automatic updates in Zoom clients and SDK-based applications to prevent regression to vulnerable builds.
- Audit Zoom Rooms appliances and controllers, which are often overlooked in standard patch cycles.
Patch Information
Zoom has released patched versions of the affected applications. Administrators should consult Zoom Security Bulletin ZSB-24036 for the specific fixed build numbers per platform and deploy them across Windows, macOS, Linux, Android, iOS, and iPadOS endpoints.
Workarounds
- Restrict network reachability of Zoom clients and Zoom Rooms devices to trusted corporate segments using host and network firewalls.
- Place Zoom Rooms hardware on isolated VLANs that block lateral access from untrusted networks.
- Where immediate patching is not possible, limit the use of the Zoom Meeting SDK in network-exposed applications until updates are deployed.
# Example: restrict inbound access to Zoom client listeners on Windows hosts
New-NetFirewallRule -DisplayName "Block-External-Zoom-Inbound" `
-Direction Inbound `
-Program "C:\Users\%USERNAME%\AppData\Roaming\Zoom\bin\Zoom.exe" `
-RemoteAddress Internet `
-Action Block
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
