CVE-2023-49647

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Published: Jan 12, 2024
Updated: Jan 23, 2024
CVE: CVE-2023-49647
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
zoom / zoom	-	5.16.10
zoom / video_software_development_kit	-	5.16.10
zoom / meeting_software_development_kit	-	5.16.10
zoom / virtual_desktop_infrastructure	-	5.14.14
zoom / virtual_desktop_infrastructure	5.15.0	5.15.12
zoom / virtual_desktop_infrastructure	5.16.0	5.16.10

https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/

Vulnerability Database

289,689

CVE-2023-49647