Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows- Improper Access Control

Bulletin: ZSB-24001
CVEID: CVE-2023-49647
CVSS Severity: High
CVSS Score: 8.8
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description:

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom Desktop Client for Windows before version 5.16.10
VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)
Zoom Video SDK for Windows before version 5.16.10
Zoom Meeting SDK for Windows before version 5.16.10

Source:

Reported by sim0nsecurity.

Revision	Date	Description
1.0	01/09/2024	Initial Publication

Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows- Improper Access Control

Subscribe for updates