CVE-2023-39214

Published: Aug 8, 2023Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.

Affected (12)

Products: Zoom: Meeting Software Development Kit, Rooms, Zoom

Zoom

3 products

Meeting Software Development Kit

Rooms

Zoom

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Zoom Meeting Software Development Kit	Before 5.15.5
Zoom Meeting Software Development Kit	Before 5.15.5
Zoom Meeting Software Development Kit	Before 5.15.5
Zoom Rooms	Before 5.15.5
Zoom Rooms	Before 5.15.5
Zoom Rooms	Before 5.15.5
Zoom Rooms	Before 5.15.5
Zoom Zoom	Before 5.15.5
Zoom Zoom	Before 5.15.5
Zoom Zoom	Before 5.15.5
Zoom Zoom	Before 5.15.5
Zoom Zoom	Before 5.15.5

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

CWE-749

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (2)

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: security@zoom.us

Vendor Advisory

https://explore.zoom.us/en/trust/security/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.