Zoom vulnerabilities allowed attackers to obtain maximum server privileges - research
The company patched vulnerabilities that affected several on-premise apps generally used by large companies looking to prevent network data leaks.
Researchers at Positive Technologies, a Russian cyber security company, identified vulnerabilities affecting Zoom Meeting Connector Controller, Zoom Virtual Room Connector, Zoom Recording Connector, and other apps.
Errors would have allowed attackers to enter commands to execute an attack and, thus, obtain server access with maximum privileges. Zoom, however, patched the vulnerabilities upon learning about them.
The first vulnerability made the malicious injection possible, while the second could have allowed a system crash, making it impossible for an affected organization to hold Zoom conferences. The third one facilitated an attack through the entry of specific commands.
According to Egor Dimitrenko, a researcher at Positive Technologies, affected apps process traffic from conferences at the company, which means intruders could have intercepted any data from conferences in real-time.
“Since apps of this kind might appear on the perimeter, this enables external intruders to execute arbitrary code on the server with root-user privileges, making it possible for them to advance further on the company’s network,” Dimitrenko said.
For a successful entry, an attacker would have needed the account credentials of any user with administrative rights, for example, the admin user created in the default application.
Researchers claim that since the Zoom application does not adhere to a strict password policy and has no protection against password guessing through the web interface, the task of obtaining a password would not have been impossible for a skilled attacker.
“You can often encounter vulnerabilities of this class in apps to which server administration tasks have been delegated. This vulnerability always leads to critical consequences, and, in most instances, it results in intruders gaining full control over the corporate network infrastructure,” Dimitrenko explained.
Researchers claim that users should update affected apps to avoid attackers eavesdropping or setting up a man-in-the-middle attack to compromise organizations.
More from CyberNews
Subscribe to our newsletter