CVE-2023-39211

Published: Aug 8, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.

Affected (2)

Products: Zoom: Rooms, Zoom

Zoom

2 products

Rooms

Zoom

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zoom Rooms	Before 5.15.5
Zoom Zoom	Before 5.15.5

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: security@zoom.us

Vendor Advisory

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.