Lucene search

ZoomCVELIST:CVE-2023-39201

HistorySep 12, 2023 - 7:56 p.m.

CVE-2023-39201

2023-09-1219:56:36

CWE-426

Zoom

www.cve.org

cleanzoom

untrusted search path

privilege escalation

local access

cve-2023-39201

07/24/2023

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "CleanZoom",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before file date 07/24/2023"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-39201