Cryptographic Issues in In-Meeting Chat of Zoom Clients
CVE-2023-39199

6.5MEDIUM

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Clients
Vendor: CVE Published:; 14 November 2023

🔔 Create Zoom Video Communications, Inc. Vulnerability Alert

What is CVE-2023-39199?

Zoom clients have a vulnerability in their In-Meeting Chat feature due to cryptographic flaws, which could allow an authenticated privileged user to gain unauthorized access to sensitive information via network access. This issue emphasizes the importance of securing communication channels and ensuring proper cryptographic protections are in place.

Affected Version(s)

Zoom Clients Windows see references

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jul 25, 2023