Allele Security Alert
ASA-2018-00064
Identifier(s)
ASA-2018-00064, CVE-2018-15715
Title
Unauthorized command execution
Vendor(s)
Zoom Video Communications, Inc
Product(s)
Zoom Desktop Conferencing Application
Affected version(s)
Zoom for macOS version 4.1.33259.0925
Zoom for Windows version 4.1.33259.0925
Zoom for Linux version 2.4.129780.0915
Fixed version(s)
Windows version 4.1.34814.1119
macOS version 4.1.34801.1116
Proof of concept
Unknown
Description
There’s a vulnerability in Zoom’s Desktop Conferencing Application that allows for execution of unauthorized Zoom commands like spoofing chat messages, hijacking screen controls and kicking attendees off calls and locking them out of meetings. This vulnerability could be exploited in a few scenarios: 1) a Zoom meeting attendee could go rogue; 2) an attacker on the local access network (LAN) or 3) a remote attacker over wide area network (WAN) could theoretically use this vulnerability to hijack an ongoing Zoom meeting.
Technical details
This bug is due to the fact that Zoom’s internal messaging pump (util.dll!ssb::events_t::loop) dispatches both client User Datagram Protocol (UDP) and server Transmission Control Protocol (TCP) messages (from util.dll!ssb::select_t::loop) to the same message handler in ssb_sdk.dll. This allows an attacker to craft and send UDP packets which get interpreted as messages processed from the trusted TCP channel used by authorized Zoom servers.
Credits
David Wells (Tenable)
Reference(s)
Tenable Research Advisory: Zoom Unauthorized Command Execution (CVE-2018-15715)
https://www.tenable.com/blog/tenable-research-advisory-zoom-unauthorized-command-execution-cve-2018-15715
New Updates For Mac OS
https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS
New Updates For Windows
https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows
Remotely Hijacking Zoom Clients
https://medium.com/tenable-techblog/remotely-exploiting-zoom-meetings-5a811342ba1d
CVE-2018-15715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15715
CVE-2018-15715
https://nvd.nist.gov/vuln/detail/CVE-2018-15715
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 9, 2019