Zoom Video fixes vulnerabilities in conference solutions: Positive Technologies

Zoom Video Communications has patched vulnerabilities in its solutions for conferences, negotiations and recordings — Zoom Meeting Connector Controller, Zoom Virtual Room Connector, Zoom Recording Connector and others.
The errors helped attackers enter commands to execute an attack and obtain server access with maximum privileges, Positive Technologies said. Zoom’s main product, the Zoom video-conferencing app, is, according to LearnBonds, the most popular video conferencing application in the United States, with a market share of 42.8 percent.

The users of the software, distributed under the on-premise model, are generally large companies that deploy these solutions in their networks to prevent data leaks.

The issue has been reported in the following Zoom on-premise apps:

Meeting Connector Controller up to version 4.6.348.20201217

Meeting Connector MMR up to version 4.6.348.20201217

Recording Connector up to version 3.8.42.20200905

Virtual Room Connector up to version 4.4.6620.20201110

Virtual Room Connector Load Balancer prior to version 2.5.5495.20210326

A second vulnerability could have led to a system crash. The error is in the Zoom On-Premise Meeting Connector Controller app, and the problem was rectified in version 4.6.358.20210205. By exploiting this vulnerability, intruders could compromise the software’s functionality, making it impossible for the affected organization to hold Zoom conferences.

A third vulnerability facilitated an attack through the entry of certain commands. The flaw affects the following Zoom on-premise apps:

Meeting Connector up to version 4.6.360.20210325

Meeting Connector MMR up to version 4.6.360.20210325

Recording Connector up to version 3.8.44.20210326

Virtual Room Connector up to version 4.4.6752.20210326

Virtual Room Connector Load Balancer up to version 2.5.5495.20210326

“These apps process traffic from all conferences at the company, so when they’re compromised, the biggest danger is that an intruder can perform a Man-in-the-Middle attack and intercept any data from conferences in real time,” Egor Dimitrenko explained.

The main reason why such vulnerabilities arise is a lack of sufficient verification of user data. You can encounter vulnerabilities of this class in apps to which server administration tasks have been delegated. This vulnerability leads to critical consequences, and it results in intruders gaining full control over the corporate network infrastructure.

Fixing the vulnerabilities requires an update to the apps. MaxPatrol VM, a vulnerability management system, will facilitate continuous monitoring of vulnerabilities within the infrastructure, both in normal mode and during emergency inspections.

In the event of a successful attack, one way to detect signs of penetration is to use SIEM solutions (in particular, MaxPatrol SIEM), which help identify suspicious behavior on the server and prevent intruders from advancing within the corporate network.