Lucene search
HistoryDec 13, 2023 - 11:15 p.m.
CVE-2023-43586
zoom
windows
path traversal
privilege escalation
network access
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.0%
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
Affected configurations
Node
zoommeeting_software_development_kitRange<5.16.5windows
ORzoomvideo_software_development_kitRange<5.16.5windows
ORzoomvirtual_desktop_infrastructureRange<5.14.14
ORzoomvirtual_desktop_infrastructureRange5.15.0–5.15.12
ORzoomzoomRange<5.16.5windows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:* |
| zoom | video_software_development_kit | * | cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:* |
| zoom | virtual_desktop_infrastructure | * | cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:* |
| zoom | zoom | * | cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:* |
Related
nessus
nessus
Zoom Client for Meetings < 5.16.5 Vulnerability (ZSB-23059)
2024-02-20 00:00:00
Zoom VDI Meeting Client < 5.16.0 Vulnerability (ZSB-23059)
2024-02-20 00:00:00
cvelist
cvelist
CVE-2023-43586
2023-12-13 22:17:48
cve
cve
CVE-2023-43586
2023-12-13 23:15:07
prion
prion
Path traversal
2023-12-13 23:15:00
openvas
openvas
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.0%
Related for NVD:CVE-2023-43586