MeitY’s Indian Computer Emergency Response Team (Cert-In) has flagged a few vulnerabilities in the video-meeting software Zoom. The government organisation has said that the vulnerabilities in the software are dangerous.
In its vulnerability note, Cert-In has said that Zoom has multiple vulnerabilities that could allow an authenticated attacker to bypass security restrictions and cause denial of service on the targeted system.
The nodal agency of the Indian government has given these vulnerabilities a severity rating of ‘HIGH’.
Cert-In says the vulnerabilities affect Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 and Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0.
“These vulnerabilities exist due to improper access control, debugging port misconfiguration flaw,” mentioned Cert-In.
If exploited successfully, these vulnerabilities could allow an attacker to use the debugging port to connect to and control the Zoom Apps running in the Zoom Client. They could also let the attacker prevent participants from receiving audio and video and cause meeting disruptions.
Cert-In has recommended that Zoom users apply the necessary updates to patch the vulnerabilities.