Local Privilege Escalation in Zoom for macOS Installers
CVE-2023-28596

7.8HIGH

Key Information:

Vendor: Zoom
Status: Zoom Client For Meetings For It Admin Mac OS Installers
Vendor: CVE Published:; 27 March 2023

What is CVE-2023-28596?

The Zoom Client for IT Admin on macOS prior to version 5.13.5 has a vulnerability that allows low-privileged users to escalate their privileges during the installation process. This local privilege escalation can be exploited as part of a larger attack chain, allowing attackers to gain root access to the affected system. Organizations using affected versions of Zoom should prioritize updating to the latest version to mitigate this risk.

Affected Version(s)

Zoom Client for Meetings for IT Admin macOS installers < 5.13.5

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2023
Vulnerability Reserved
Mar 17, 2023