Exploiting these vulnerabilities, a remote attacker could also execute arbitrary code on the server using root-user privileges.
The cybersecurity researchers at Positive Technologies identified three vulnerabilities in several critical apps part of the Zoom video conferencing platform (both apps and tools). These include Zoom Virtual Room Connector, Zoom Meeting Connector Controller, and Zoom Recording Connector.
These vulnerabilities could have allowed hackers to intercept your Zoom meetings and target customer infrastructure. It is worth noting that Zoom’s video conferencing app is currently quite popular in the USA, with around 42.8% of the market share.
Details of Vulnerabilities and Affected Versions
The three vulnerabilities are tracked as CVE-2021-34414, CVE-2021-34415, and CVE-2021-34416. Exploiting these flaws, an attacker could have executed arbitrary code on the server using root-user privileges. The following on-premise Zoom apps are reportedly vulnerable:
- Meeting Connector Controller up to version 4.6.348.20201217
- Meeting Connector MMR up to version 4.6.348.20201217
- Recording Connector up to version 126.96.36.19900905
- Virtual Room Connector up to version 4.4.6620.20201110
- Virtual Room Connector Load Balancer before version 2.5.5495.20210326.
The second vulnerability encourages complete system crashes and would allow attackers to compromise the software’s functionality and make it difficult for the impacted organization to hold Zoom conferences.
This error was identified in the Zoom On-Premise Meeting Connector Controller app, and the bug was eliminated in version 4.6.358.20210205.
The third vulnerability would allow attackers to enter specific commands. It was identified in the following apps:
- Meeting Connector up to version 4.6.360.20210325
- Meeting Connector MMR up to version 4.6.360.20210325
- Recording Connector up to version 188.8.131.5210326
- Virtual Room Connector up to version 4.4.6752.20210326
- Virtual Room Connector Load Balancer up to version 2.5.5495.20210326
According to Positive Technologies’ researcher Egor Dimitrenko, who identified the flaws, these app process Zoom’s traffic from all conferences. In case these are compromised, the intruder could perform a Man-in-the-Middle attack. This could allow them to intercept data from almost any conference in real-time.
Since the impacted apps operate on the company’s corporate network’s outer perimeter, apart from allowing the attackers to disrupt Zoom’s conference holding capabilities, the vulnerabilities may allow attackers to invade the company’s network.
Once there, the attackers could execute commands to launch an attack, gain server access with escalated privileges. This is very concerning because most of Zoom’s clients are large companies.
How Could The Flaws be Exploited?
Dimitrenko explained that the flaws require an attacker to obtain login credentials of a user having administrative rights, which isn’t a huge challenge because Zoom hasn’t yet implemented a strict password policy. This means the company doesn’t offer protection against password predictions via the web interface.
“You can often encounter vulnerabilities of this class in apps to which server administration tasks have been delegated. This vulnerability always leads to critical consequences and, in most instances, it results in intruders gaining full control over the corporate network infrastructure,” Dimitrenko noted.
Vulnerabilities are Patched
Zoom Video Communications was notified about the three flaws, and the company has already patched them in the affected apps, including conferences, recordings, and negotiations. Therefore, if you are using Zoom make sure it is updated to the latest version.