Id:
CVE-2021-34412
Comment
:
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.
CVSSv2 Score:
4.6
Access vector:
|
LOCAL
|
Access complexity:
|
LOW
|
Authentication:
|
NONE
|
Confidentiality impact:
|
PARTIAL
|
Integrity impact:
|
PARTIAL
|
Availability impact:
|
PARTIAL
|
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
|
LOCAL
|
Attack complexity:
|
LOW
|
Privileges required:
|
LOW
|
User interaction:
|
NONE
|
Scope:
|
UNCHANGED
|
Confidentiality impact:
|
HIGH
|
Integrity impact:
|
HIGH
|
Availability impact:
|
HIGH
|
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References: