ASA-2018-00064 – Zoom: Unauthorized command execution


Allele Security Alert

ASA-2018-00064

Identifier(s)

ASA-2018-00064, CVE-2018-15715

Title

Unauthorized command execution

Vendor(s)

Zoom Video Communications, Inc

Product(s)

Zoom Desktop Conferencing Application

Affected version(s)

Zoom for macOS version 4.1.33259.0925
Zoom for Windows version 4.1.33259.0925
Zoom for Linux version 2.4.129780.0915

Fixed version(s)

Windows version 4.1.34814.1119
macOS version 4.1.34801.1116

Proof of concept

Unknown

Description

A vulnerability in Zoom’s Desktop Conferencing Application allows execution of unauthorized Zoom commands, such as spoofing chat messages, hijacking screen controls, kicking attendees off calls and locking them out of meetings. This vulnerability could be exploited in a few scenarios: 1) a Zoom meeting attendee could go rogue; 2) an attacker on the local area network (LAN) or 3) a remote attacker over a wide area network (WAN) could theoretically use this vulnerability to hijack an ongoing Zoom meeting.

Technical details

The bug exists because Zoom’s internal messaging pump (util.dll!ssb::events_t::loop) dispatches both client User Datagram Protocol (UDP) and server Transmission Control Protocol (TCP) messages (from util.dll!ssb::select_t::loop) to the same message handler in ssb_sdk.dll. An attacker can therefore craft and send UDP packets that are interpreted as messages from the trusted TCP channel used by authorized Zoom servers.
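The trust-boundary flaw described above, modelled as an added example (not Zoom's code and not part of the original alert): a handler shared by both transports beside one that checks which channel each message type may arrive on. All type, enum and function names are hypothetical, and the assignment of message types to channels is an assumption made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model; none of these names come from Zoom's binaries. */
enum channel  { CH_SERVER_TCP, CH_PEER_UDP };
enum msg_type { MSG_MEDIA = 1, MSG_CHAT = 2, MSG_REMOVE_ATTENDEE = 3 };

struct msg {
    enum channel  origin; /* set by the receive loop, never read from the payload */
    enum msg_type type;
};

/* Flawed shape: one handler for both transports, and the transport a
 * message arrived on plays no part in the decision to act on it. */
bool handle_shared(const struct msg *m)
{
    switch (m->type) {
    case MSG_MEDIA:
    case MSG_CHAT:
    case MSG_REMOVE_ATTENDEE:
        return true;   /* acted on regardless of origin */
    default:
        return false;
    }
}

/* Hardened shape: every message type names the one channel allowed to carry it. */
static const struct { enum msg_type type; enum channel allowed; } policy[] = {
    { MSG_MEDIA,           CH_PEER_UDP   },
    { MSG_CHAT,            CH_SERVER_TCP },
    { MSG_REMOVE_ATTENDEE, CH_SERVER_TCP },
};

bool handle_checked(const struct msg *m)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (policy[i].type == m->type)
            return policy[i].allowed == m->origin; /* wrong channel: drop */
    return false;                                  /* unknown type: drop */
}
```

The origin tag has to be assigned by the code that reads the socket; a field inside the datagram would be under the sender's control.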

Credits

David Wells (Tenable)

Reference(s)

Tenable Research Advisory: Zoom Unauthorized Command Execution (CVE-2018-15715)
https://www.tenable.com/blog/tenable-research-advisory-zoom-unauthorized-command-execution-cve-2018-15715

New Updates For Mac OS
https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS

New Updates For Windows
https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows

Remotely Hijacking Zoom Clients
https://medium.com/tenable-techblog/remotely-exploiting-zoom-meetings-5a811342ba1d

CVE-2018-15715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15715

CVE-2018-15715
https://nvd.nist.gov/vuln/detail/CVE-2018-15715

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: July 9, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.