CVE Vulnerability

CVE-2020-11443

The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user.

8.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 9.2

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

8.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.zoom.us/hc/en-us/articles/360043036451-Security-CVE-2020-11443 Broken Link Vendor Advisory
https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows Broken Link Vendor Advisory
https://support.zoom.us/hc/en-us/articles/360043036451 Broken Link Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:zoom:it_installer:*:*:*:*:*:windows:*:*
Information

Published : 2020-05-04 02:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-11443

Mitre link : CVE-2020-11443

Products Affected
No products.
CWE
CWE-59

CWE-732