Zoom Desktop Client for Windows Vulnerability: Escalation of Privilege via Local Access
CVE-2023-49647

8.8HIGH

Key Information:

Vendor: Zoom
Status: Zoom Desktop Client For Windows, Zoom Vdi Client For Windows, And Zoom Sdks For Windows Before Version 5.16.10
Vendor: CVE Published:; 12 January 2024

What is CVE-2023-49647?

An issue has been identified in the Zoom Desktop Client, VDI Client, and SDKs for Windows that presents an improper access control vulnerability. This flaw could enable an authenticated user to escalate privileges through local access, which may compromise the security of the affected systems. Users and organizations relying on these Zoom products should consider upgrading to versions 5.16.10 or later to mitigate the associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 Windows before 5.16.0

References

https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 12, 2024
Vulnerability Reserved
Nov 28, 2023

JSON

Zoom

What is CVE-2023-49647?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.