Vulnerabilites related to Zoom Video Communications, Inc. - Zoom Desktop Client for Windows
CVE-2023-36540 (GCVE-0-2023-36540)
Vulnerability from cvelistv5
Published
2023-08-08 17:05
Modified
2024-10-04 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows |
Version: before 5.14.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T17:29:45.993346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T17:30:41.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.5"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"value": "Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:05:59.963Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-36540",
"datePublished": "2023-08-08T17:05:59.963Z",
"dateReserved": "2023-06-22T18:04:31.169Z",
"dateUpdated": "2024-10-04T17:30:41.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36541 (GCVE-0-2023-36541)
Vulnerability from cvelistv5
Published
2023-08-08 17:27
Modified
2024-10-10 16:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows |
Version: before 5.14.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:24:05.567218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:24:14.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.5"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access."
}
],
"value": "Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-35",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:27:48.651Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-36541",
"datePublished": "2023-08-08T17:27:48.651Z",
"dateReserved": "2023-06-22T18:04:31.169Z",
"dateUpdated": "2024-10-10T16:24:14.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39216 (GCVE-0-2023-39216)
Vulnerability from cvelistv5
Published
2023-08-08 17:48
Modified
2024-10-10 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows |
Version: before 5.14.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:22:05.535860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:22:15.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.7"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access."
}
],
"value": "Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:11:10.571Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39216",
"datePublished": "2023-08-08T17:48:05.348Z",
"dateReserved": "2023-07-25T18:38:00.939Z",
"dateUpdated": "2024-10-10T16:22:15.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39209 (GCVE-0-2023-39209)
Vulnerability from cvelistv5
Published
2023-08-08 21:39
Modified
2024-10-04 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows |
Version: before 5.15.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T17:29:30.375597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T17:31:35.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.15.5"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access."
}
],
"value": "Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-449",
"description": "CWE-449: The UI Performs the Wrong Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:03:35.453Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39209",
"datePublished": "2023-08-08T21:39:52.327Z",
"dateReserved": "2023-07-25T18:38:00.937Z",
"dateUpdated": "2024-10-04T17:31:35.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34116 (GCVE-0-2023-34116)
Vulnerability from cvelistv5
Published
2023-07-11 16:56
Modified
2024-10-22 20:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows |
Version: before 5.15.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:38:53.776208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:41:18.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Desktop Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.15.0"
}
]
}
],
"datePublic": "2023-07-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.\u003cbr\u003e"
}
],
"value": "Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:28:14.920Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-34116",
"datePublished": "2023-07-11T16:56:16.132Z",
"dateReserved": "2023-05-25T22:01:29.097Z",
"dateUpdated": "2024-10-22T20:41:18.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24694 (GCVE-0-2024-24694)
Vulnerability from cvelistv5
Published
2024-04-09 17:13
Modified
2024-09-20 14:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows |
Version: before version 5.17.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24011/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T16:24:28.997476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:31:27.006Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before version 5.17.10"
}
]
}
],
"datePublic": "2024-04-09T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access."
}
],
"value": "Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:41:30.868Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24011/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Desktop Client for Windows - Improper Privilege Management",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24694",
"datePublished": "2024-04-09T17:13:08.845Z",
"dateReserved": "2024-01-26T22:56:14.680Z",
"dateUpdated": "2024-09-20T14:41:30.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36534 (GCVE-0-2023-36534)
Vulnerability from cvelistv5
Published
2023-08-08 17:35
Modified
2024-10-10 16:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Path Traversal
Summary
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows |
Version: before 5.14.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:23:33.681940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:23:44.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.7"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access."
}
],
"value": "Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:35:29.278Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-36534",
"datePublished": "2023-08-08T17:35:29.278Z",
"dateReserved": "2023-06-22T18:04:31.168Z",
"dateUpdated": "2024-10-10T16:23:44.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}