Headline
CVE-2023-43586: ZSB 23059
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows - Path Traversal
- Bulletin: ZSB-23059
- CVEID: CVE-2023-43586
- CVSS Severity: High
- CVSS Score: 7.3
- CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Description:
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
Affected Products:
- Zoom Desktop Client for Windows before version 5.16.5
- Zoom VDI Client before version 5.16.0 (excluding 5.14.14 and 5.15.12)
- Zoom Video SDK for Windows before version 5.16.5
- Zoom Meeting SDK for Windows before version 5.16.5
Source:
Reported by shmoul.
Subscribe for updates
Please provide your individual email address to receive notification of future Zoom Security Bulletins. (Note: Email aliases will not receive these notifications.)