Escalation of Privilege in Zoom Desktop Client and VDI Client
CVE-2023-39213

9.6CRITICAL

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Desktop Client For Windows And Zoom Vdi Client
Vendor: CVE Published:; 8 August 2023

Summary

A vulnerability affecting the Zoom Desktop Client and Zoom VDI Client prior to version 5.15.2 allows an unauthenticated user to exploit improper neutralization of special elements. This could lead to privilege escalation through network access, potentially compromising the integrity of the system.

Affected Version(s)

Zoom Desktop Client for Windows and Zoom VDI Client Windows before 5.15.2

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 25, 2023