Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562310149879HistoryJul 05, 2023 - 12:00 a.m.
Zoom Client < 5.14.0 Access Control Vulnerability (ZSB-23008) - Mac OS X
2023-07-0500:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
3
zoom client
access control
vulnerability
mac os x
improper access control
integrity
availability
version 5.14.0
security bulletin
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
7.1 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.3%
Zoom Client is prone to an improper access control
vulnerability.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:zoom:zoom";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.149879");
script_version("2023-10-13T16:09:03+0000");
script_tag(name:"last_modification", value:"2023-10-13 16:09:03 +0000 (Fri, 13 Oct 2023)");
script_tag(name:"creation_date", value:"2023-07-05 04:50:04 +0000 (Wed, 05 Jul 2023)");
script_tag(name:"cvss_base", value:"5.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-06-21 20:52:00 +0000 (Wed, 21 Jun 2023)");
script_cve_id("CVE-2023-28600");
script_tag(name:"qod_type", value:"executable_version");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Zoom Client < 5.14.0 Access Control Vulnerability (ZSB-23008) - Mac OS X");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("General");
script_dependencies("gb_zoom_client_ssh_login_macosx_detect.nasl");
script_mandatory_keys("zoom/client/mac/detected");
script_tag(name:"summary", value:"Zoom Client is prone to an improper access control
vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"impact", value:"A malicious user may be able to delete/replace Zoom Client files
potentially causing a loss of integrity and availability to the Zoom Client.");
script_tag(name:"affected", value:"Zoom Client prior to version 5.14.0.");
script_tag(name:"solution", value:"Update to version 5.14.0 or later.");
script_xref(name:"URL", value:"https://explore.zoom.us/en/trust/security/security-bulletin/");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!infos = get_app_version_and_location(cpe: CPE, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less(version: version, test_version: "5.14.0")) {
report = report_fixed_ver(installed_version: version, fixed_version: "5.14.0", install_path: location);
security_message(port: 0, data: report);
exit(0);
}
exit(99);
Related
cve
cve
CVE-2023-28600
2023-06-13 18:15:21
nessus
nessus
Zoom Client for Meetings < 5.14.0 Vulnerability (ZSB-23008)
2023-06-13 00:00:00
cvelist
cvelist
CVE-2023-28600
2023-06-13 17:00:53
nvd
nvd
CVE-2023-28600
2023-06-13 18:15:21
prion
prion
Improper access control
2023-06-13 18:15:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
7.1 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.3%
Related for OPENVAS:1361412562310149879