NVD:CVE-2023-28597
Mar 27, 2023 - 9:15 p.m.

CVE-2023-28597

2023-03-27 21:15:12
CWE-501
web.nvd.nist.gov
zoom
trust boundary
vulnerability
smb
web portal
remote code execution

CVSS3: 7.5 High

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 35.4%

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker-controlled executables. This could result in an attacker gaining access to a user’s device and data, and remote code execution.

Affected configurations

NVD

Node
zoom  rooms  Range <5.13.5  android
OR
zoom  rooms  Range <5.13.5  iphone_os
OR
zoom  rooms  Range <5.13.5  linux_kernel
OR
zoom  rooms  Range <5.13.5  macos
OR
zoom  rooms  Range <5.13.5  windows
OR
zoom  zoom  Range <5.13.5  android
OR
zoom  zoom  Range <5.13.5  iphone_os
OR
zoom  zoom  Range <5.13.5  linux_kernel
OR
zoom  zoom  Range <5.13.5  macos
OR
zoom  zoom  Range <5.13.5  windows

Node
microsoft  windows  Match -
AND
zoom  virtual_desktop_infrastructure  Range <5.13.10
