Exploiting these vulnerabilities, a remote attacker could also execute arbitrary code on the server using root-user privileges.
Cybersecurity researchers at Positive Technologies identified three vulnerabilities in several critical apps and tools that are part of the Zoom video conferencing platform. These include Zoom Virtual Room Connector, Zoom Meeting Connector Controller, and Zoom Recording Connector.
These vulnerabilities could have allowed hackers to intercept your Zoom meetings and target customer infrastructure. It is worth noting that Zoom’s video conferencing app is currently quite popular in the USA, with around 42.8% of the market share.
Details of Vulnerabilities and Affected Versions
The three vulnerabilities are tracked as CVE-2021-34414, CVE-2021-34415, and CVE-2021-34416. Exploiting these flaws, an attacker could have executed arbitrary code on the server using root-user privileges. The following on-premise Zoom apps are reportedly vulnerable:
- Meeting Connector Controller up to version 4.6.348.20201217
- Meeting Connector MMR up to version 4.6.348.20201217
- Recording Connector up to version 184.108.40.20600905
- Virtual Room Connector up to version 4.4.6620.20201110
- Virtual Room Connector Load Balancer before version 2.5.5495.20210326
The second vulnerability can cause complete system crashes and would allow attackers to compromise the software’s functionality and make it difficult for the impacted organization to hold Zoom