Improper Privilege Management in Zoom for Windows Clients by Zoom
CVE-2023-34120

7.8HIGH

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom For Windows Client; Zoom Rooms Client For Windows; Zoom Vdi For Windows Meeting Clients
Vendor: CVE Published:; 13 June 2023

Summary

A vulnerability in Zoom for Windows, including Zoom Rooms and Zoom VDI prior to version 5.14.0, allows authenticated users to exploit improper privilege management. This could lead to elevated system privileges, enabling them to spawn processes that operate with elevated rights. Such exploitation poses significant security risks, as it may allow unauthorized access to sensitive system functions and data.

Affected Version(s)

Zoom for Windows Client before 5.14.0

Zoom Rooms Client for Windows before 5.14.0

Zoom VDI for Windows Meeting Clients before 5.14.0

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
May 25, 2023