Zoom path traversal into remote code execution vulnerabilities (CVE-2020-6109, CVE-2020-6110)

Update June 5, 2020: Qualys’ standard procedure is to give proper credit to the security research teams working diligently to discover and report vulnerabilities. In our rush to deliver this article to customers, we missed giving credit to the talented Cisco Talos team, who are the original authors of this research. After additional review with a member of the Talos team, we determined that large portions of the blog content were sourced directly from the Cisco Talos article. This content has been removed, and we are scheduling training to ensure our content teams are fully aware of our blog policy. In addition, we are updating our blog review process to add further checks to ensure compliance with the policy.

Summary:
Amid the lockdown, with video conferencing apps the new normal for remote work, online education, business meetings and similar purposes, two critical vulnerabilities were disclosed. Both are path traversal vulnerabilities in Zoom, a video conferencing app used on Windows, macOS and Linux. These vulnerabilities have a CVSS score of 8 and are classified under CWE-22.

Description:
The two vulnerabilities described in this article have been assigned CVE-2020-6109 and CVE-2020-6110.

CVE-2020-6109 is a path traversal vulnerability that exists in the Zoom client while processing messages with animated GIFs. An attacker could exploit this vulnerability by sending a specially crafted chat message, which can cause an arbitrary file write, which can in turn lead to arbitrary code execution.

CVE-2020-6110 is a path traversal vulnerability that exists in the way the Zoom client processes messages including shared code snippets. An attacker could exploit this vulnerability by sending a specially crafted chat message, which can cause an arbitrary file write, which can in turn lead to arbitrary code execution.
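Both CVEs share the same root cause: a file name taken from an untrusted chat message (a GIF attachment or a code snippet) is joined to the client's download directory without confirming that the result stays inside it. The following is an added example, not code from the original post or from Zoom, showing the containment check a client should apply before writing any attachment to disk, plus the same check used as triage logic over constructed sample messages. The download directory, the message structure and the helper names are assumptions for illustration.

```python
import posixpath

# Constructed example download directory; a real client would use its
# platform-specific attachment folder.
DOWNLOAD_DIR = "/home/user/Zoom/Downloads"


class PathTraversalError(ValueError):
    """Raised when an untrusted file name would resolve outside DOWNLOAD_DIR."""


def resolve_untrusted(download_dir: str, untrusted_name: str) -> str:
    """Join an untrusted name onto download_dir and collapse '.' and '..'."""
    # Treat backslashes as separators too, as a Windows client would, so that
    # "..\\..\\x" is handled the same way as "../../x".
    name = untrusted_name.replace("\\", "/")
    # posixpath.join discards download_dir when name is absolute ("/etc/foo").
    # That is exactly the case we want to detect, so let it happen and rely on
    # the containment check in is_confined().
    return posixpath.normpath(posixpath.join(download_dir, name))


def is_confined(download_dir: str, untrusted_name: str) -> bool:
    """True only if the resolved path is strictly inside download_dir."""
    base = posixpath.normpath(download_dir)
    target = resolve_untrusted(download_dir, untrusted_name)
    try:
        # commonpath compares whole components, which avoids the classic
        # prefix bug where "/tmp/zoom_evil" would pass a startswith("/tmp/zoom").
        return posixpath.commonpath([base, target]) == base and target != base
    except ValueError:  # mixing absolute and relative paths
        return False


def safe_attachment_path(download_dir: str, untrusted_name: str) -> str:
    """Return the path to write to, or raise PathTraversalError."""
    if not untrusted_name or "\x00" in untrusted_name:
        raise PathTraversalError("empty or NUL-containing file name")
    if not is_confined(download_dir, untrusted_name):
        raise PathTraversalError(f"refusing to write outside download dir: {untrusted_name!r}")
    return resolve_untrusted(download_dir, untrusted_name)


# Constructed sample chat payloads (hypothetical structure, not real Zoom traffic).
SAMPLE_MESSAGES = [
    {"id": 1, "kind": "gif", "file_name": "funny_cat.gif"},
    {"id": 2, "kind": "gif", "file_name": "../../../evil.gif"},
    {"id": 3, "kind": "snippet", "file_name": "..\\..\\snippet.txt"},
    {"id": 4, "kind": "snippet", "file_name": "/absolute/path/snippet.txt"},
]


def triage(messages, download_dir: str = DOWNLOAD_DIR):
    """Label each message 'ok' or 'TRAVERSAL' based on where its file would land."""
    return [
        (m["id"], "ok" if is_confined(download_dir, m["file_name"]) else "TRAVERSAL")
        for m in messages
    ]


if __name__ == "__main__":
    for msg_id, verdict in triage(SAMPLE_MESSAGES):
        print(msg_id, verdict)
```

The check normalises first and compares whole path components afterwards; rejecting names that merely contain `..` is weaker, since encodings, mixed separators and sibling-directory prefixes all slip past string matching but not past `commonpath` on the resolved path.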

Both vulnerabilities affect Zoom version 4.6.10; Zoom addressed them with the release of version 4.6.12. Surprisingly, the GIPHY feature has been re-enabled in version 5.0.5 (26213.0602), released on June 2, 2020.

Affected Products:
Zoom version 4.6.10 and prior.

Advisory:
https://support.zoom.us/hc/en-us/articles/201361953-New-updates-for-Windows

References and Credits:
The vulnerabilities described in this post were discovered and reported by Cisco Talos at: https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html

Mitigation:
Zoom has released patches for CVE-2020-6109 and CVE-2020-6110.

Qualys customers can scan their network with QID 372832 to detect vulnerable assets. Continue to follow Qualys Threat Protection for more coverage of vulnerabilities.
