An attacker could spoof messages, hijack screen controls, or expel other conference attendees
A vulnerability rated critical in the Zoom videoconferencing application could allow a remote attacker to hijack screen controls and expel conference attendees, as reported by digital forensics specialists from the International Institute of Cyber Security.
Researchers from a cybersecurity firm published a proof of concept for this unauthorized command execution vulnerability, noting that the flaw lies in the Zoom messaging function; the vulnerability, tracked as CVE-2018-15715, has been rated "critical" in severity, with a CVSS v3.0 score of 9.9.
“This vulnerability could be exploited if certain scenarios are presented, such as:
- A malicious Zoom meeting participant
- An attacker on the local access network (LAN)
- A remote attacker on a wide area network (WAN) could theoretically use this vulnerability to hijack a Zoom meeting in progress
Attackers could use this vulnerability to perform otherwise restricted operations at Zoom conferences,” said David Wells, a digital forensics specialist. The vulnerability stems from a flaw in Zoom's internal message pump, the mechanism the application uses to send and wait for messages.
This means that a potential attacker, remotely and without authentication, could craft and send a User Datagram Protocol (UDP) message that the client would interpret as a trusted Transmission Control Protocol (TCP) message of the kind sent by the authorized Zoom servers.
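The root cause described above is a trust confusion between transports: a message pump that dispatches on message type alone treats an unauthenticated datagram exactly like a command from the authenticated server channel. The following is an added illustration, not Zoom's code and not Wells' proof of concept; the transports, message kinds, names and sample traffic are all constructed. It places a naive pump beside a hardened one that binds privileged conference-control commands to the authenticated channel.

```python
"""Constructed example: a toy message pump receiving from two transports.

The vulnerable pump dispatches on the message kind alone; the hardened pump
requires that privileged conference-control commands arrive over the
authenticated server channel, so a forged UDP datagram cannot trigger them.
"""
from dataclasses import dataclass
from enum import Enum


class Transport(Enum):
    TCP_AUTHENTICATED = "tcp"  # session established with the conference server
    UDP = "udp"                # unauthenticated media datagrams, trivially spoofable


@dataclass(frozen=True)
class Message:
    transport: Transport
    kind: str      # e.g. "chat", "kick_participant", "remote_control" (constructed names)
    sender: str
    payload: str


# Commands that must only ever originate from the authenticated control channel.
PRIVILEGED_COMMANDS = {"kick_participant", "remote_control"}


def vulnerable_pump(messages):
    """Dispatch on message kind only: a UDP datagram carrying a control
    command is acted on exactly as if the server had sent it over TCP."""
    executed = []
    for msg in messages:
        executed.append((msg.kind, msg.sender))
    return executed


def hardened_pump(messages):
    """Bind privilege to transport: privileged commands are dropped unless they
    arrived over the authenticated channel. Returns (executed, rejected)."""
    executed, rejected = [], []
    for msg in messages:
        if msg.kind in PRIVILEGED_COMMANDS and msg.transport is not Transport.TCP_AUTHENTICATED:
            rejected.append((msg.kind, msg.transport.value, msg.sender))
            continue
        executed.append((msg.kind, msg.sender))
    return executed, rejected


# Constructed traffic: two legitimate messages and one datagram forged by a
# participant that imitates a server-issued control command.
SAMPLE_TRAFFIC = [
    Message(Transport.TCP_AUTHENTICATED, "chat", "server", "welcome"),
    Message(Transport.UDP, "chat", "alice", "hi all"),  # ordinary participant chat
    Message(Transport.UDP, "remote_control", "mallory", "grant presenter screen"),
]


def demo():
    """Run both pumps over the sample traffic and return their results."""
    return vulnerable_pump(SAMPLE_TRAFFIC), hardened_pump(SAMPLE_TRAFFIC)


if __name__ == "__main__":
    naive, (safe, dropped) = demo()
    print("vulnerable pump executed:", naive)
    print("hardened pump executed:  ", safe)
    print("hardened pump rejected:  ", dropped)
```

The design point is that authorization is decided by where a message came from, not by what it claims to be; rejected privileged messages are returned separately so a client or a monitoring layer can log them as evidence of spoofing attempts.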
“This attack is especially dangerous because it can be done both by the participants of a Zoom conference and by a remote attacker capable of creating a counterfeit UDP packet, because they can infiltrate an existing UDP session without problems, find a Zoom conference underway and trigger the attack,” the digital forensics expert mentioned.
From that point, the malicious actor could perform various harmful operations, such as hijacking screen controls, spoofing identities to send or receive messages addressed to other conference participants, or even expelling other participants from the conference.
For example, the proof of concept published by Wells showed how a malicious participant could send UDP packets to take control of the presenter's display and launch the calculator.
“Exploiting such a vulnerability can be extremely damaging and poses a serious risk to a company's reputation,” says Wells. “Even if a single one of the more than 700,000 companies working with Zoom software were affected, the impact would be significant.”
This kind of vulnerability is particularly detrimental to a company, according to specialists in digital forensics. Companies like Cisco and Adobe have also experienced problems of this kind in their videoconferencing systems. Just a few days ago, Cisco corrected a series of flaws in its WebEx conferencing system that allowed remote code execution. For its part, Adobe recently released an update that corrects a series of flaws in its Adobe Connect platform.