CVE-2023-43586

Published Dec 13, 2023

Last updated 6 months ago

CVSS high 7.3

Overview

Description: Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
Source: security@zoom.us
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security@zoom.us: CWE-426
nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B72243E4-AFF7-4A69-934A-1170A6EDAE0F",
            "versionEndExcluding": "5.16.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F58AB464-C80F-4E2B-9F13-BE9B19E3B5BE",
            "versionEndExcluding": "5.16.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D33A3D73-DB80-4376-A9EE-2905A4B0B4B7",
            "versionEndExcluding": "5.14.14"
          },
          {
            "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33411E35-8D01-42E4-85D6-0FE2C416E697",
            "versionEndExcluding": "5.15.12",
            "versionStartIncluding": "5.15.0"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7",
            "versionEndExcluding": "5.16.5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References