CVE-2023-28600

2023-06-1318:15:21

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-28600

zoom

macos

clients

vulnerability

access control

integrity

availability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.5%

JSON

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.

Affected configurations

NVD

Node

zoomzoomRange<5.14.0macos

CPENameOperatorVersion
zoom:zoomzoomlt5.14.0

CPE	Name	Operator	Version
zoom:zoom	zoom	lt	5.14.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zoom for macOS Client",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.14.0"
      }
    ]
  }
]