Improper Authorization in Zoom Clients Leading to Privilege Escalation
CVE-2023-43582

8.8HIGH

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Clients
Vendor: CVE Published:; 15 November 2023

Summary

An improper authorization vulnerability in various Zoom client implementations can potentially allow an authorized user to conduct privilege escalation through network access. This flaw may enable unauthorized access to more sensitive features, compromising the integrity of the user’s session and introducing considerable risks. Users are advised to update their Zoom clients to the latest versions to mitigate this issue.

Affected Version(s)

Zoom Clients Windows see references

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2023
Vulnerability Reserved
Sep 19, 2023