PT-2023-1099 · Zoom · Zoom Rooms For Windows
Published: 2023-01-06 · Updated: 2023-01-13 · CVE-2022-36930
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zoom Rooms for Windows versions prior to 5.13.0
Description
The issue is an uncontrolled search path element in the Zoom video conferencing software. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.
Recommendations
For Zoom Rooms for Windows versions prior to 5.13.0, update to version 5.13.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Zoom Rooms for Windows installer to minimize the risk of exploitation.
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Zoom Rooms For Windows