Lucene search

K
cve[email protected]CVE-2023-43588
HistoryNov 15, 2023 - 12:15 a.m.

CVE-2023-43588

2023-11-1500:15:08
CWE-691
web.nvd.nist.gov
12
cve-2023-43588
zoom
control flow management
authenticated user
information disclosure
network access
nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

Affected configurations

NVD
Node
zoommeetingsRange<5.16.0iphone_os
OR
zoommeetingsRange<5.16.0linux
OR
zoommeetingsRange<5.16.0windows
OR
zoomvirtual_desktop_infrastructureRange<5.14.13
OR
zoomvirtual_desktop_infrastructureRange5.15.05.15.11
OR
zoomzoomRange<5.16.0linux
OR
zoomzoomRange<5.16.0macos
OR
zoomzoomRange<5.16.0windows

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "iOS"
    ],
    "product": "Zoom Clients",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "see references"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

Related for CVE-2023-43588