CVE-2023-28600

Published: Jun 13, 2023Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.

Affected (1)

Products: Zoom: Zoom

Zoom

1 product

Zoom

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zoom Zoom	Before 5.14.0

Related CWEs

CWE-378

Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

References (2)

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: security@zoom.us

Vendor Advisory

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.