Improper Input Validation in Zoom Desktop Client for Windows
CVE-2023-34116

8.2HIGH

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Desktop Client For Windows
Vendor: CVE Published:; 11 July 2023

Summary

An improper input validation vulnerability exists in the Zoom Desktop Client for Windows, potentially allowing an unauthorized user to escalate privileges through network access. This flaw affects versions released prior to 5.15.0, posing a security risk that could allow attackers to gain additional permissions within the application. It is essential for users and organizations to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Zoom Desktop Client for Windows before 5.15.0

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
May 25, 2023