Zoom Desktop Client for Windows Vulnerability: Escalation of Privilege via Local Access
CVE-2023-49647

8.8HIGH

Key Information:

Vendor: Zoom
Status: Zoom Desktop Client For Windows, Zoom Vdi Client For Windows, And Zoom Sdks For Windows Before Version 5.16.10
Vendor: CVE Published:; 12 January 2024

What is CVE-2023-49647?

An issue has been identified in the Zoom Desktop Client, VDI Client, and SDKs for Windows that presents an improper access control vulnerability. This flaw could enable an authenticated user to escalate privileges through local access, which may compromise the security of the affected systems. Users and organizations relying on these Zoom products should consider upgrading to versions 5.16.10 or later to mitigate the associated risks.

Affected Version(s)

Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 Windows before 5.16.0

References

https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2024
Vulnerability Reserved
Nov 28, 2023