Two Zoom security issues have been discovered that could allow for arbitrary code execution (CVE-2020-6110 and CVE-2020-6109). Use Lansweeper to find all vulnerable Zoom Client installations on your network. Read more: [ Link ]
If you're using Zoom - the video conferencing software that has skyrocketed in popularity during the COVID-19 crisis - pay attention. Make sure you are running the latest version of the client on your Windows, macOS, or Linux computers to avoid these Zoom security issues.
Get the Zoom vulnerability report here: [ Link ]
CVE-2020-6109 is a Zoom Client Application Vulnerability
Zoom Client version 4.6.10 has an exploitable path traversal vulnerability (CVE-2020-6109). This is an HTTP exploit that allows an attacker to access personal files, as these attacks are executed through web browsers via a manipulated URL. In the Zoom Client, a maliciously crafted chat message sent to the targeted user or group triggers this vulnerability. This can cause an arbitrary file write, which could lead to arbitrary code execution. These messages can include animated GIFs. In Zoom, only Giphy servers were originally meant to be used for this feature, but in this case content from an arbitrary server would be loaded, which can be abused to leak even more personal information.
CVE-2020-6110 is a Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability
The CVE-2020-6110 vulnerability is almost the same as CVE-2020-6109. When Zoom Client version 4.6.10 processes a message that includes shared code snippets, an attacker can send a chat message to the targeted user that causes arbitrary binary planting, which could be abused to obtain arbitrary code execution. It allows the attacker to install programs; view, change, or delete data; or create new accounts with full user rights. However, for the most severe effect, target user interaction is required.
Chances are you had to deploy Zoom Client installations on your machines rapidly because of the COVID-19 crisis and the resulting work-from-home situation. It's pretty critical that you update these clients at the earliest opportunity to ensure that you don't fall prey to these vulnerabilities.
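The version check behind such an audit, as an added example (it is not Lansweeper's report and not code from this page). The inventory rows are constructed, and treating every client at or below 4.6.10 as affected is an assumption, since the page names only version 4.6.10.

```python
import re

# Version the page names as vulnerable. Treating everything at or below it as
# affected is an assumption of this example, not a statement from the advisory.
AFFECTED_MAX = (4, 6, 10)

# Constructed sample inventory rows: (hostname, software name, version string).
INVENTORY = [
    ("ws-001", "Zoom", "4.6.10 (20033.0407)"),
    ("ws-002", "Zoom", "4.6.9"),
    ("ws-003", "Zoom", "5.0.2"),
    ("ws-004", "Zoom Outlook Plugin", "4.8.1"),
    ("ws-005", "Zoom", "unknown"),
    ("ws-006", "7-Zip", "19.00"),
]

def parse_version(text):
    """Return the leading dotted version as an int tuple, or None if absent."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def classify(version_text):
    """Classify one version string as 'vulnerable', 'ok' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"          # report for manual review, never assume patched
    while v and v[-1] == 0:       # 4.6.10.0 must compare equal to 4.6.10
        v = v[:-1]
    # Tuple comparison is numeric; comparing strings would rank "4.6.9" above "4.6.10".
    return "vulnerable" if v <= AFFECTED_MAX else "ok"

def audit(rows):
    """Return {hostname: status} for rows whose software name is the Zoom client."""
    result = {}
    for host, name, version in rows:
        if name.strip().lower() != "zoom":   # skip plugins and unrelated software
            continue
        result[host] = classify(version)
    return result

if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host}: {status}")
```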
Zoom over to our report library on our website, where we’ve issued a dedicated Zoom Vulnerability Audit Report that gives you an instant overview of all affected devices and their patch status.
If you haven't already, start your free Lansweeper trial and get a list of all vulnerable Zoom client versions on your network in no time.
Start your free trial today ► [ Link ]
Lansweeper enables you to manage your entire IT network, saving an incredible amount of time by automating key tasks. It features best-in-class, fully automatic asset scanning and network inventory software to keep you on top of your IT environment.
Lansweeper is recommended by sysadmins all over the world. Download your Lansweeper free trial today and start managing your IT assets the right way.
Contact ► Sales@lansweeper.com
Zoom Client RCE Vulnerability CVE-2020-6110 | CVE-2020-6109