Insufficient Control Flow Management in Zoom Clients
CVE-2023-43588

6.5MEDIUM

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Clients
Vendor: CVE Published:; 15 November 2023

Summary

Some Zoom clients exhibit insufficient control flow management, potentially enabling authenticated users to exploit this weakness and conduct information disclosure through network access. This poses a risk to sensitive information if not addressed through timely software updates and security measures. Users are encouraged to review the latest security updates from Zoom to mitigate this vulnerability.

Affected Version(s)

Zoom Clients Windows see references

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2023
Vulnerability Reserved
Sep 19, 2023