Lucene search

ZoomCVELIST:CVE-2023-28602

HistoryJun 13, 2023 - 5:30 p.m.

CVE-2023-28602

2023-06-1317:30:07

CWE-347

Zoom

www.cve.org

cve-2023-28602

zoom

windows

cryptographic

signature

vulnerability

downgrade

2.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

0.0005 Low

EPSS

Percentile

17.7%

JSON

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zoom for Windows Client",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.13.5"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

2.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

0.0005 Low

EPSS

Percentile

17.7%

JSON

Related for CVELIST:CVE-2023-28602