Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows - Path Traversal

Bulletin: ZSB-23059
CVEID: CVE-2023-43586
CVSS Severity: High
CVSS Score: 7.3
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Description:

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom Desktop Client for Windows before version 5.16.5
Zoom VDI Client before version 5.16.0 (excluding 5.14.14 and 5.15.12)
Zoom Video SDK for Windows before version 5.16.5
Zoom Meeting SDK for Windows before version 5.16.5

Source:

Reported by shmoul.

Revision	Date	Description
1.0	12/12/2023	Initial Publication

Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows - Path Traversal

Subscribe for updates