Improper Privilege Management

Bulletin: ZSB-23012
CVEID: CVE-2023-34120
CVSS Severity: High
CVSS Score: 8.7
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Description:

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom for Windows clients before version 5.14.0
Zoom Rooms client for Windows before version 5.14.0
Zoom VDI Windows Meeting clients before version 5.14.0

Source:

Reported by sim0nsecurity

Revision	Date	Description
1.0	06/13/2023	Initial Publication

Improper Privilege Management

Subscribe for updates