Lucene search

ZoomCVELIST:CVE-2023-43586

HistoryDec 13, 2023 - 10:17 p.m.

CVE-2023-43586

2023-12-1322:17:48

CWE-426

Zoom

www.cve.org

cve-2023-43586

path traversal

zoom

windows

escalation of privilege

network access

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

19.0%

JSON

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "See references"
      }
    ]
  }
]

References

www.zoom.com/en/trust/security-bulletin/ZSB-23059/

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

19.0%

JSON

Related for CVELIST:CVE-2023-43586