CVE-2023-34120

7.8HIGH

Key Information

Status
Zoom For Windows Client
Zoom Rooms Client For Windows
Zoom Vdi For Windows Meeting Clients
Vendor
CVE Published:
13 June 2023

Summary

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.

Affected Version(s)

Zoom for Windows Client = before 5.14.0

Zoom Rooms Client for Windows = before 5.14.0

Zoom VDI for Windows Meeting Clients = before 5.14.0

Refferences

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.