CVE-2023-39216
In short
Zoom Desktop Client for Windows before version 5.14.7 has a flaw that fails to properly check user input, allowing someone on the network to gain higher privileges without needing to log in first.
Technical detail
Improper input validation in Zoom Desktop Client for Windows (pre-5.14.7) enables privilege escalation via network access without authentication. The vulnerability stems from insufficient validation of user-supplied input (CWE-80), allowing an unauthenticated attacker on the network to exploit the flaw and elevate their privileges on the affected system.
Summary generated and translated by AI from the official description.
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Zoom Video Communications, Inc. · Zoom Desktop Client for Windows