Improper Verification of Cryptographic Signature in Zoom Clients
- ZSB-23010
- CVE-2023-28602
- Low
- 2.8
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions.
Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
- Zoom for Windows clients before version 5.13.5
Reported by Kirin (Pwnrin)
| Revision | Date | Description |
|---|---|---|
| 1.0 | 06/13/2023 | Initial Publication |