PT-2023-2061 · Zoom · Zoom
Published 2023-03-14 · Updated 2025-02-19 · CVE-2023-28597
CVSS v3.1: 8.3 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zoom versions prior to 5.13.5
Description
The vulnerability stems from an improper trust boundary implementation when the Zoom client connects to an SMB server. It could allow a remote attacker to gain unauthorized access to protected information or execute arbitrary code. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom's web portal, an attacker on an adjacent network could set up a malicious SMB server that causes the client to execute attacker-controlled executables. This may give the attacker access to the user's device and data and result in remote code execution.
Recommendations
For versions prior to 5.13.5, update to version 5.13.5 or later to resolve the issue. As a temporary workaround until the update is applied, restrict the client's access to SMB servers and avoid opening local recordings through links from Zoom's web portal.
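One way to apply the interim "restrict access to SMB servers" workaround on a Windows endpoint is a host firewall rule that stops the Zoom client process from reaching SMB ports at all. The script below is an added example written for this page; it is not code from the advisory or from Zoom. It assumes Windows Defender Firewall, an elevated PowerShell session, and the default per-user install path of the Zoom client (`%APPDATA%\Zoom\bin\Zoom.exe`, an assumption that should be checked against your deployment). The rule group name is a constructed label so the rules can be found and removed once 5.13.5 or later is rolled out.

```powershell
# Added example (not from the advisory or from Zoom): block outbound SMB from
# the Zoom client as an interim mitigation for CVE-2023-28597 on clients < 5.13.5.
# Run from an elevated PowerShell prompt on the affected Windows endpoint.

# Assumption: default per-user install location of the Zoom client.
$ZoomExe   = Join-Path $env:APPDATA 'Zoom\bin\Zoom.exe'
# Constructed label used to find and later remove these rules.
$RuleGroup = 'CVE-2023-28597 interim SMB restriction'

if (-not (Test-Path -Path $ZoomExe)) {
    throw "Zoom client not found at '$ZoomExe'. Set `$ZoomExe to the installed path."
}

# Make the script idempotent: drop any rules created by a previous run.
Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Block outbound SMB (TCP 445) and NetBIOS session (TCP 139) from Zoom.exe only,
# on every network profile. Other programs keep their normal SMB access.
New-NetFirewallRule -DisplayName 'Zoom client: block outbound SMB (CVE-2023-28597 workaround)' `
    -Group $RuleGroup `
    -Direction Outbound `
    -Action Block `
    -Program $ZoomExe `
    -Protocol TCP `
    -RemotePort 445, 139 `
    -Profile Any `
    -Enabled True | Out-Null

# Show the resulting rule so the change can be verified.
Get-NetFirewallRule -Group $RuleGroup |
    Select-Object DisplayName, Direction, Action, Enabled, Profile

# Rollback after updating to Zoom 5.13.5 or later:
#   Get-NetFirewallRule -Group 'CVE-2023-28597 interim SMB restriction' | Remove-NetFirewallRule
```

The rule is scoped to the Zoom process rather than the whole host so that legitimate file-share use by other applications is unaffected. If the client must still reach one trusted file server, note that Windows Defender Firewall gives Block rules precedence over Allow rules, so an exemption cannot be added as a separate Allow rule; instead, narrow the Block rule's `-RemoteAddress` to the address ranges that exclude the trusted server.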
Fix
RCE
Affected Products
Zoom