CVE-2023-43586

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

Published: Dec 14, 2023
Updated: Dec 19, 2023
CVE: CVE-2023-43586
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
zoom / meeting_software_development_kit	-	5.16.5
zoom / video_software_development_kit	-	5.16.5
zoom / virtual_desktop_infrastructure	5.15.0	5.15.12
zoom / virtual_desktop_infrastructure	-	5.14.14
zoom / zoom	-	5.16.5

https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/

Vulnerability Database

289,689

CVE-2023-43586