CVE-2023-49646: ZSB 23062

Zoom Clients - Improper Authentication

• Bulletin: ZSB-23062
• CVEID: CVE-2023-49646
• CVSS Severity: Medium
• CVSS Score: 5.4
• CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Description:

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

• Zoom Desktop Client for Windows before version 5.16.5
• Zoom Desktop Client for macOS before version 5.16.5
• Zoom Mobile App for iOS before version 5.16.5
• Zoom Mobile App for Android before version 5.16.5
• Zoom Desktop Client for Linux before version 5.16.5
• Zoom VDI Client before version 5.16.5 (excluding 5.14.14 and 5.15.12)
• Zoom SDKs before version 5.16.5

Source:

Reported by Zoom Offensive Security Team.

Subscribe for updates

Please provide your individual email address to receive notification of future Zoom Security Bulletins. (Note: Email aliases will not receive these notifications.)