Zoom Clients - Insufficient Control Flow Management

Bulletin: ZSB-23052
CVEID: CVE-2023-43588
CVSS Severity: Low
CVSS Score: 3.5
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Description:

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom Desktop Client for Windows before version 5.16.0
Zoom Desktop Client for macOS before version 5.16.0
Zoom Desktop Client for Linux before version 5.16.0
Zoom VDI Client before version 5.16.0 (excluding 5.14.13 and 5.15.11)
Zoom Meeting SDK for Windows before version 5.16.0
Zoom Meeting SDK for iOS before version 5.16.0
Zoom Meeting SDK for Linux before version 5.16.0

Source:

Reported by Zoom Offensive Security Team.

Revision	Date	Description
1.0	11/14/2023	Initial Publication

Zoom Clients - Insufficient Control Flow Management

Subscribe for updates