CVE-2024-27240
Published 2024-07-15
CVE-2024-27240: Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.
Priority P335 · high · 7.8 · CVSS 3.1
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.17% (7.1th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zoom | rooms | < 6.0.0 | 6.0.0 |
| zoom | workplace_desktop | < 6.0.0 | 6.0.0 |
| zoom | workplace_virtual_desktop_infrastructure | < 5.17.13 | 5.17.13 |
| zoom_communications_inc | zoom_apps_for_windows | — | — |
Suricata
ET WEB_SPECIFIC_APPS Tenda AX3 Command Injection Attempt (CVE-2023-27240)
suricata · 2024-11-05 · CVSS 9.8 · CVE-2023-27240 [CRITICAL]
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Tenda AX3 Command Injection Attempt (CVE-2023-27240)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:19; content:"/goform/AdvSetLanip"; fast_pattern; http.request_body; content:"lanIp|3a|"; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,unit42.paloaltonetworks.com/mirai-variant-targets-iot-exploits/; reference:cve,2023-27240; classtype:attempted-admin; sid:2057253; rev:1; metadata:affected_product Tenda, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_11_05, cve CVE_2023_27240, deployment Perimeter, deployment Internal, performance
No public exploits indexed.
No writeups or analysis indexed.