Uncontrolled Resource Consumption in Zoom Desktop Client and VDI Client
CVE-2023-39203

7.5HIGH

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Rooms Client For Windows And Zoom Vdi Client
Vendor: CVE Published:; 14 November 2023

Summary

A vulnerability in Zoom Team Chat has been identified, which allows for uncontrolled resource consumption in both Zoom Desktop Client for Windows and Zoom VDI Client. An unauthenticated user can exploit this vulnerability via network access, potentially leading to unauthorized disclosure of information. Users should ensure they are updated with the latest security patches provided by Zoom to mitigate this risk.

Affected Version(s)

Zoom Rooms Client for Windows and Zoom VDI Client Windows see references

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jul 25, 2023