Lucene search

[email protected]CVE-2023-43588

HistoryNov 15, 2023 - 12:15 a.m.

CVE-2023-43588

2023-11-1500:15:08

CWE-691

[email protected]

web.nvd.nist.gov

cve-2023-43588

zoom

control flow management

authenticated user

information disclosure

network access

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

Affected configurations

NVD

Node

zoommeetingsRange<5.16.0iphone_os

zoommeetingsRange<5.16.0linux

zoommeetingsRange<5.16.0windows

zoomvirtual_desktop_infrastructureRange<5.14.13

zoomvirtual_desktop_infrastructureRange5.15.0–5.15.11

zoomzoomRange<5.16.0linux

zoomzoomRange<5.16.0macos

zoomzoomRange<5.16.0windows

CPENameOperatorVersion
zoom:meetingszoom meetingslt5.16.0
zoom:virtual_desktop_infrastructurezoom virtual desktop infrastructurelt5.14.13
zoom:virtual_desktop_infrastructurezoom virtual desktop infrastructurelt5.15.11
zoom:zoomzoomlt5.16.0

CPE	Name	Operator	Version
zoom:meetings	zoom meetings	lt	5.16.0
zoom:virtual_desktop_infrastructure	zoom virtual desktop infrastructure	lt	5.14.13
zoom:virtual_desktop_infrastructure	zoom virtual desktop infrastructure	lt	5.15.11
zoom:zoom	zoom	lt	5.16.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "iOS"
    ],
    "product": "Zoom Clients",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "see references"
      }
    ]
  }
]