Lucene search

[email protected]CVE-2023-39199

HistoryNov 14, 2023 - 11:15 p.m.

CVE-2023-39199

2023-11-1423:15:08

CWE-310

[email protected]

web.nvd.nist.gov

cve-2023-39199

cryptographic issues

zoom

in-meeting chat

info disclosure

network access

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.

Affected configurations

NVD

Node

zoommeetingsRange<5.16.0android

zoommeetingsRange<5.16.0iphone_os

zoommeetingsRange<5.16.0linux

zoommeetingsRange<5.16.0macos

zoommeetingsRange<5.16.0windows

zoomroomsRange<5.16.0android

zoomroomsRange<5.16.0ipad_os

zoomroomsRange<5.16.0macos

zoomroomsRange<5.16.0windows

zoomvirtual_desktop_infrastructureRange<5.14.13

zoomvirtual_desktop_infrastructureRange5.15.0–5.15.11

zoomzoomRange<5.16.0android

zoomzoomRange<5.16.0iphone_os

zoomzoomRange<5.16.0linux

zoomzoomRange<5.16.0macos

zoomzoomRange<5.16.0windows

CPENameOperatorVersion
zoom:meetingszoom meetingslt5.16.0
zoom:roomszoom roomslt5.16.0
zoom:virtual_desktop_infrastructurezoom virtual desktop infrastructurelt5.14.13
zoom:virtual_desktop_infrastructurezoom virtual desktop infrastructurelt5.15.11
zoom:zoomzoomlt5.16.0

CPE	Name	Operator	Version
zoom:meetings	zoom meetings	lt	5.16.0
zoom:rooms	zoom rooms	lt	5.16.0
zoom:virtual_desktop_infrastructure	zoom virtual desktop infrastructure	lt	5.14.13
zoom:virtual_desktop_infrastructure	zoom virtual desktop infrastructure	lt	5.15.11
zoom:zoom	zoom	lt	5.16.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "iOS",
      "Android"
    ],
    "product": "Zoom Clients",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "see references"
      }
    ]
  }
]