Saturday, January 18, 2025
HomeCVE/vulnerabilityCritical Zoom Vulnerability Let Attackers Take Over Meetings

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Published on

SIEM as a Service

Follow Us on Google News

Zoom, the most widely used video conferencing platform has been discovered with a critical vulnerability that threat actors could potentially exploit for various malicious purposes.

This vulnerability was reported as part of the H1-4420 Hacking event conducted in June 2023.

This vulnerability existed in Zoom rooms, a system developed by Zoom to allow team members from different locations to work together over Zoom.

A threat actor could potentially exploit this vulnerability and gain access to the victim organization’s tenant.

Document
Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

Vulnerability Analysis

For setting up Zoom rooms, the Zoom Rooms application is installed on a device such as an iPad, mobile, etc which acts as a terminal for people in the Zoom room.

Whenever a Zoom room is created within the Zoom platform, a service account is created with licenses for meetings and Whiteboards.

This service account is assigned an email address by Zoom, which has the format rooms_<account ID>@companydomain.com. In certain cases, organizations prefer to use the Outlook domain for their email accounts instead of their company domain.

As Outlook is public and anyone can create an email address, the service account email address can be created and claimed by a threat actor.

This provides complete access to the threat actor over the service account which can be utilized to gather information laterally across the tenant.

In addition to this, a service account has at least two licenses and is also treated as a normal team member. This provides considerable access to the threat actor, like contacts, or hijack the meeting itself. 

Zoom Chat Channel

Zoom provides a new feature called “Channels,” which is a system of text channels that are open by default to tenant employees.

Since the threat actor has access to the service account, he has access to view the contents of any channel which also includes confidential information and has complete invisibility.

Moreover, room users cannot be removed from the channel by any administrator or even the owner. A complete detailed report has been published, which provides additional information about this vulnerability.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....