Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveZoomCVE-2023-43586
HistoryDec 13, 2023 - 11:15 p.m.

CVE-2023-43586

2023-12-1323:15:07
CWE-426
CWE-22
Zoom
web.nvd.nist.gov
52
cve-2023-43586
zoom
desktop client
windows
path traversal
escalation of privilege
network access

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

19.0%

JSON

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

Affected configurations

Nvd
Node
zoommeeting_software_development_kitRange<5.16.5windows
OR
zoomvideo_software_development_kitRange<5.16.5windows
OR
zoomvirtual_desktop_infrastructureRange<5.14.14
OR
zoomvirtual_desktop_infrastructureRange5.15.05.15.12
OR
zoomzoomRange<5.16.5windows
VendorProductVersionCPE
zoommeeting_software_development_kit*cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
zoomvideo_software_development_kit*cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*
zoomvirtual_desktop_infrastructure*cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
zoomzoom*cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "See references"
      }
    ]
  }
]

Related

nessus 2
prion 1
nvd 1
cvelist 1
openvas 1
nessus
nessus
Zoom Client for Meetings < 5.16.5 Vulnerability (ZSB-23059)
2024-02-20 00:00:00
Zoom VDI Meeting Client < 5.16.0 Vulnerability (ZSB-23059)
2024-02-20 00:00:00
prion
prion
Path traversal
2023-12-13 23:15:00
nvd
nvd
CVE-2023-43586
2023-12-13 23:15:07
cvelist
cvelist
CVE-2023-43586
2023-12-13 22:17:48
openvas
openvas
Zoom Client < 5.16.5 Multiple Vulnerabilities (ZSB-23059, ZSB-23062, ZSB-24007, ZSB-24008) - Windows
2023-12-21 00:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

19.0%

JSON
Related for CVE-2023-43586
nessus2prion1nvd1cvelist1openvas1