PT-2023-28872 · Zoom · Zoom Desktop Client For Windows+2
Shmoul
·
Published
2023-12-13
·
Updated
2023-12-18
·
CVE-2023-43586
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zoom Desktop Client for Windows (affected versions not specified)
Zoom VDI Client for Windows (affected versions not specified)
Zoom SDKs for Windows (affected versions not specified)
Description
The issue allows an authenticated user to conduct an escalation of privilege via network access due to path traversal in the affected software.
Recommendations
For Zoom Desktop Client for Windows, update to a version that includes a fix for this issue.
For Zoom VDI Client for Windows, update to a version that includes a fix for this issue.
For Zoom SDKs for Windows, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting network access to minimize the risk of exploitation.
Fix
Untrusted Search Path
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Zoom Desktop Client For Windows
Zoom Sdks For Windows
Zoom Vdi Client For Windows