Lucene search

ZoomCVELIST:CVE-2023-28603

HistoryJun 13, 2023 - 5:34 p.m.

CVE-2023-28603

2023-06-1317:34:55

CWE-73

Zoom

www.cve.org

zoom

vdi client

access control

vulnerability

local files

permissions

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

7.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zoom VDI Windows Meeting Client",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.14.0"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

7.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-28603