Zoom vulnerabilities allowed attackers to obtain maximum server privileges - research

The company patched vulnerabilities that affected several on-premise apps generally used by large companies looking to prevent network data leaks.

Researchers at Positive Technologies, a Russian cyber security company, identified vulnerabilities affecting Zoom Meeting Connector Controller, Zoom Virtual Room Connector, Zoom Recording Connector, and other apps.

The flaws would have allowed attackers to enter commands to execute an attack and thus obtain server access with maximum privileges. Zoom, however, patched the vulnerabilities upon learning about them.

Researchers identified three vulnerabilities: CVE-2021-34414, CVE-2021-34415, and CVE-2021-34416.

The first vulnerability made the malicious injection possible, while the second could have allowed a system crash, making it impossible for an affected organization to hold Zoom conferences. The third one facilitated an attack through the entry of specific commands.

According to Egor Dimitrenko, a researcher at Positive Technologies, affected apps process traffic from conferences at the company, which means intruders could have intercepted any data from conferences in real time.

“Since apps of this kind might appear on the perimeter, this enables external intruders to execute arbitrary code on the server with root-user privileges, making it possible for them to advance further on the company’s network,” Dimitrenko said.

For a successful entry, an attacker would have needed the account credentials of any user with administrative rights, for example, the admin user that the application creates by default.

Researchers claim that since the Zoom application does not adhere to a strict password policy and has no protection against password guessing through the web interface, the task of obtaining a password would not have been impossible for a skilled attacker.

“You can often encounter vulnerabilities of this class in apps to which server administration tasks have been delegated. This vulnerability always leads to critical consequences, and, in most instances, it results in intruders gaining full control over the corporate network infrastructure,” Dimitrenko explained.

Researchers claim that users should update affected apps to avoid attackers eavesdropping or setting up a man-in-the-middle attack to compromise organizations.
