Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11443

The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user.

Published

2020-05-04T14:15:13.137

Last Modified

2024-11-21T04:57:55.607

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

9.2

Weaknesses

Type: Primary
CWE-59
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zoom	it_installer	< 4.6.10	Yes

References

https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows Broken Link, Vendor Advisory ([email protected])
https://support.zoom.us/hc/en-us/articles/360043036451 Broken Link, Vendor Advisory ([email protected])
https://support.zoom.us/hc/en-us/articles/360043036451-Security-CVE-2020-11443 Broken Link, Vendor Advisory ([email protected])
https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.zoom.us/hc/en-us/articles/360043036451 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.zoom.us/hc/en-us/articles/360043036451-Security-CVE-2020-11443 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)