The vulnerability of Zoom’s video conferencing software lies in the improper verification of cryptographic signatures, which allows attackers to downgrade the versions of Zoom components to earlier versions.

🗓️ 26 Jul 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Zoom vulnerability from improper cryptographic signature verification allows downgrading components.

Reporter	Title	Published	Views	Family All 10
CNNVD	Zoom Client 数据伪造问题漏洞	13 Jun 202300:00	–	cnnvd
CVE	CVE-2023-28602	13 Jun 202317:30	–	cve
Cvelist	CVE-2023-28602	13 Jun 202317:30	–	cvelist
EUVD	EUVD-2023-32272	3 Oct 202520:07	–	euvd
NVD	CVE-2023-28602	13 Jun 202318:15	–	nvd
OpenVAS	Zoom Client < 5.13.5 Cryptographic Signature Verification Vulnerability (ZSB-23010) - Windows	5 Jul 202300:00	–	openvas
OSV	CVE-2023-28602	13 Jun 202318:15	–	osv
Prion	Information disclosure	13 Jun 202318:15	–	prion
Vulnrichment	CVE-2023-28602	13 Jun 202317:30	–	vulnrichment
Tenable Nessus	Zoom Client for Meetings < 5.13.5 Vulnerability (ZSB-23010)	13 Jun 202300:00	–	nessus

Vulners

Node

zoom_video_communications,zoomRange<5.13.5

Source	Link
explore	www.explore.zoom.us/en/trust/security/security-bulletin/
vuldb	www.vuldb.com/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2023031504
web	www.web.nvd.nist.gov/view/vuln/detail

26 Jul 2023 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 21

CVSS 32.8

EPSS0.00104

cryptographic signatures downgrading components Zoom versions improper verification