CVE-2023-34119

Published: Jul 11, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.

Affected (1)

Products: Zoom: Rooms

Zoom

1 product

Rooms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zoom Rooms	Before 5.15.0

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: security@zoom.us

Vendor Advisory

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.