Path Traversal Vulnerability in Zoom Desktop Client and SDKs on Windows
CVE-2023-43586

7.3HIGH

Key Information:

Vendor

Zoom Video Communications, Inc.
Status
Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows
Vendor
CVE Published:
13 December 2023

What is CVE-2023-43586?

A path traversal vulnerability in the Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows allows authenticated users to exploit network access for privilege escalation. Attackers may leverage this weakness to access restricted files and execute unauthorized commands, posing a significant security risk.

Affected Version(s)

Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows Windows See references

References

https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.