Zoom Clients - Improper Authentication

Bulletin: ZSB-23062
CVEID: CVE-2023-49646
CVSS Severity: Medium
CVSS Score: 5.4
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Description:

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom Desktop Client for Windows before version 5.16.5
Zoom Desktop Client for macOS before version 5.16.5
Zoom Mobile App for iOS before version 5.16.5
Zoom Mobile App for Android before version 5.16.5
Zoom Desktop Client for Linux before version 5.16.5
Zoom VDI Client before version 5.16.5 (excluding 5.14.14 and 5.15.12)
Zoom SDKs before version 5.16.5

Source:

Reported by Zoom Offensive Security Team.

Revision	Date	Description
1.0	12/12/2023	Initial Publication

Zoom Clients - Improper Authentication

Subscribe for updates