Input Validation Flaw in Zoom for Windows and Related Products
CVE-2023-34121

8.8HIGH

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom For Windows; Zoom Rooms Client For Windows; Zoom Vdi For Windows Meeting Clients
Vendor: CVE Published:; 13 June 2023

Summary

An improper input validation vulnerability in the Zoom for Windows, Zoom Rooms, and Zoom VDI Windows Meeting clients prior to version 5.14.0 has been identified. This security lapse could potentially allow an authenticated user to exploit the flaw and escalate privileges through network access, compromising the application's integrity.

Affected Version(s)

Zoom for Windows before 5.14.0

Zoom Rooms Client for Windows before 5.14.0

Zoom VDI for Windows Meeting Clients before 5.14.0

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
May 25, 2023