Path Traversal Vulnerability in Zoom Desktop Client for Windows
CVE-2023-36534

9.3CRITICAL

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Desktop Client For Windows
Vendor: CVE Published:; 8 August 2023

Summary

The Zoom Desktop Client for Windows is susceptible to a path traversal vulnerability that can be exploited by unauthenticated users. This flaw allows attackers to gain escalated privileges through network access, posing potential risks to user security. Users are advised to upgrade to version 5.14.7 or later to mitigate any possible threats associated with this vulnerability.

Affected Version(s)

Zoom Desktop Client for Windows Windows before 5.14.7

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jun 22, 2023