Flaws Enable Attackers To Intercept Data, Attack Customer … these solutions in their networks to prevent data leaks,” the researchers note.

Cloud video conferencing provider Zoom has released patches for multiple vulnerabilities in its product that could have allowed criminals to intercept data from meetings and attack customer infrastructure.

The now patched vulnerabilities could have enabled attackers to obtain server access with maximum privileges and navigate further on the company’s network, as well as compromise the Zoom software’s functionality—making it impossible for victims to hold conferences.

Critical Vulnerabilities

In a Thursday security bulletin, Zoom released multiple patches for its product. The most serious, rated as high with a CVSS Score: 7.9, was the network proxy page on the web portal for products such as Zoom On-Premise Meeting Connector Controller, Zoom On-Premise Meeting Connector MMR, Zoom On-Premise Recording Connector, Zoomhttps://thenfg.com/2021/11/16/efani-net-news-creating-a-world-in-which-data-breaches-are-improbable-not-inevitable/ On-Premise Virtual Room Connector, and Zoom On-Premise Virtual Room Connector Load Balancer.

The vulnerability tracked as CVE-2021-34417 fails to validate input sent in requests to set the network proxy password, which could lead to a remote command injection by a web portal administrator.

Read the whole article here: Read More