CVE-2024-44729 is a vulnerability identified in the Mirotalk open-source video conferencing application, specifically in the app/src/server.js component prior to commit 9de226. The root cause is incorrect access control that permits unauthenticated attackers, who do not possess presenter privileges, to arbitrarily eject users from ongoing meetings. This flaw violates the principle of least privilege by allowing unauthorized users to perform disruptive actions typically reserved for meeting presenters or administrators. The vulnerability does not require any authentication or user interaction, making it remotely exploitable over the network (Attack Vector: Network). The impact is primarily on availability, as attackers can forcibly remove legitimate participants, causing denial of service to meeting attendees. The CVSS v3.1 base score is 7.5 (High), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating no impact on confidentiality or integrity but a significant impact on availability. No known public exploits have been reported yet, and no official patches have been linked, suggesting the need for immediate attention from maintainers and users. The vulnerability is categorized under CWE-732 (Incorrect Permission Assignment for Critical Resource), highlighting a failure in enforcing proper access controls on sensitive operations. This issue is critical for organizations relying on Mirotalk for secure and stable remote collaboration, as it can be exploited to disrupt meetings and degrade user experience.

The primary impact of CVE-2024-44729 is on the availability of Mirotalk meetings. Attackers can eject legitimate users without authentication, causing denial of service and disrupting communication workflows. This can lead to operational delays, reduced productivity, and potential loss of trust in the platform's reliability. For organizations using Mirotalk in critical environments such as education, healthcare, or corporate communications, such disruptions could have cascading effects on business continuity and decision-making processes. Although confidentiality and integrity are not directly affected, the ability to arbitrarily remove participants could be leveraged in coordinated attacks to cause repeated interruptions or to exclude key stakeholders from meetings. The ease of exploitation (no authentication or user interaction required) increases the risk of widespread abuse, especially in public or poorly secured deployments. The lack of known exploits in the wild currently limits immediate threat but does not reduce the urgency for mitigation given the high CVSS score and potential impact.

1. Immediately review and update access control logic in the Mirotalk server code, specifically ensuring that only authenticated users with presenter or appropriate administrative privileges can eject participants. 2. Implement strict role-based access control (RBAC) mechanisms and validate permissions on all critical meeting management functions. 3. Monitor meeting logs and audit trails for unusual ejection patterns or unauthorized access attempts to detect potential exploitation attempts early. 4. If possible, restrict meeting access to authenticated users only and enforce strong authentication mechanisms to reduce exposure. 5. Deploy network-level protections such as Web Application Firewalls (WAFs) to detect and block suspicious requests targeting the eject functionality. 6. Engage with the Mirotalk development community or maintainers to obtain patches or updates addressing this vulnerability as soon as they become available. 7. Educate users and administrators about this vulnerability and encourage prompt reporting of any unexpected meeting disruptions. 8. Consider temporary mitigation by disabling or restricting eject functionality until a secure fix is applied.