CVE-2023-39213

CVSS 9.6 CRITICAL | EPSS 1.3% | CWE-176

In short

Zoom Desktop Client for Windows has a flaw that allows an attacker to bypass security controls and gain higher privileges on a computer without needing a password or user account. This is critical because attackers on the network can exploit it remotely.

Technical detail

CWE-176 (improper neutralization of special elements) in Zoom Desktop Client for Windows and VDI Client before 5.15.2 permits unauthenticated network-based privilege escalation. The vulnerability stems from insufficient input validation of special characters or crafted elements in network communications, enabling attackers to trigger unintended code execution or privilege elevation without authentication.

Summary generated and translated by AI from the official description.

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
