CVE-2023-34120

Published: Jun 13, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.

Affected (1)

Products: Zoom: Virtual Desktop Infrastructure

1 product

Virtual Desktop Infrastructure

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zoom Virtual Desktop Infrastructure	Before 5.14.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: security@zoom.us

Vendor Advisory

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.