Lucene search

ZoomCVELIST:CVE-2023-34121

HistoryJun 13, 2023 - 5:42 p.m.

CVE-2023-34121

2023-06-1317:42:17

CWE-20

Zoom

www.cve.org

zoom

windows

input validation

network access

privilege escalation

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

JSON

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zoom for Windows",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.14.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Zoom Rooms Client for Windows",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.14.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Zoom VDI for Windows Meeting Clients",
    "vendor": "ZoomZoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.14.0"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

JSON

Related for CVELIST:CVE-2023-34121