PT-2023-28872 · Zoom · Zoom Desktop Client For Windows+2
Shmoul
·
Publicado
2023-12-13
·
Atualizado
2023-12-18
·
CVE-2023-43586
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zoom Desktop Client for Windows (affected versions not specified)
Zoom VDI Client for Windows (affected versions not specified)
Zoom SDKs for Windows (affected versions not specified)
Description
The issue allows an authenticated user to conduct an escalation of privilege via network access due to path traversal in the affected software.
Recommendations
For Zoom Desktop Client for Windows, update to a version that includes a fix for this issue.
For Zoom VDI Client for Windows, update to a version that includes a fix for this issue.
For Zoom SDKs for Windows, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting network access to minimize the risk of exploitation.
Correção
Untrusted Search Path
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Zoom Desktop Client For Windows
Zoom Sdks For Windows
Zoom Vdi Client For Windows