Lucene search
HistoryAug 08, 2023 - 6:15 p.m.
CVE-2023-36540
cve-2023-36540
zoom desktop client
windows
privilege escalation
installer
nvd
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
Affected configurations
Node
zoomzoomRange<5.14.5windows
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.5"
}
]
}
]Related
cvelist
cvelist
CVE-2023-36540
2023-08-08 17:05:59
prion
prion
Design/Logic Flaw
2023-08-08 18:15:00
nvd
nvd
CVE-2023-36540
2023-08-08 18:15:14
nessus
nessus
Zoom Client for Meetings < 5.14.5 Vulnerability (ZSB-23026)
2023-11-03 00:00:00
openvas
openvas
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for CVE-2023-36540