- Description
- Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
- Source
- security@zoom.us
- NVD status
- Analyzed
- Products
- meeting_software_development_kit, workplace_desktop, workplace_virtual_desktop_infrastructure
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@zoom.us
- CWE-754
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "FD804C73-54B7-4FF6-ADEF-EB279977FAF3",
"versionEndExcluding": "6.6.11",
"versionStartIncluding": "6.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C04F1CBB-A53C-421A-BBA5-6EC3B2CB4BE3",
"versionEndExcluding": "6.6.11",
"versionStartIncluding": "6.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EB3D3897-5003-4611-96FE-11E50164E4E6",
"versionEndIncluding": "6.6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]