Local Privilege Escalation in Zoom for Windows Installers
CVE-2023-22883

7.2HIGH

Key Information:

Vendor: Zoom
Status: Zoom Client For Meetings For It Admin Windows Installers
Vendor: CVE Published:; 16 March 2023

Summary

The Zoom Client for IT Admin Windows installers prior to version 5.13.5 contain a vulnerability that allows a local low-privileged user to exploit the installation process. Through this exploitation, the user can escalate their privileges to that of the SYSTEM user, potentially granting them access to sensitive system resources and increased control over the system.

Affected Version(s)

Zoom Client for Meetings for IT Admin Windows installers < 5.13.5

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Jan 9, 2023