CVE-2023-43586

7.3HIGH

Key Information

Vendor: Zoom Video Communications, Inc.
Status: Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows
Vendor: CVE Published:; 13 December 2023

Summary

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

Affected Version(s)

Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows = See references

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Dec 13, 2023
Vulnerability Reserved.
Sep 19, 2023

Collectors

NVD DatabaseMitre Database