Privilege Escalation in Zoom Rooms Installer for Windows
CVE-2023-36536

8.2HIGH

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Rooms For Windows
Vendor: CVE Published:; 11 July 2023

🔔 Create Zoom Video Communications, Inc. Vulnerability Alert

What is CVE-2023-36536?

An untrusted search path vulnerability exists in the installer of Zoom Rooms for Windows prior to version 5.15.0. This vulnerability allows authenticated users to exploit local access to escalate their privileges, potentially compromising the security of the system. Users should ensure that they are using the latest version of Zoom Rooms to mitigate this risk.

Affected Version(s)

Zoom Rooms for Windows before 5.15.0

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jun 22, 2023