Privilege Escalation Flaw in Zoom Desktop Client for Windows
CVE-2023-36540

7.3HIGH

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Desktop Client For Windows
Vendor: CVE Published:; 8 August 2023

🔔 Create Zoom Video Communications, Inc. Vulnerability Alert

What is CVE-2023-36540?

A vulnerability has been identified in the installer for the Zoom Desktop Client for Windows, permitting an authenticated user to exploit an untrusted search path. This may lead to an escalation of privileges, allowing the user to execute unauthorized actions within the system. Users of the affected versions are advised to update promptly to mitigate potential security risks.

Affected Version(s)

Zoom Desktop Client for Windows Windows before 5.14.5

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jun 22, 2023