Zoom Clients - Client-Side Enforcement of Server-Side Security

Bulletin: ZSB-23031
CVEID: CVE-2023-36535
CVSS Severity: High
CVSS Score: 7.1
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Description:

Client-side enforcement of server-side security in Zoom clients before version 5.14.10 may allow an authenticated user to enable information disclosure via network access.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom Clients for Windows before version 5.14.10
Zoom Desktop Client for macOS before version 5.14.10
Zoom Desktop Client for Linux before version 5.14.10
Zoom VDI Host and Plugin before version 5.14.10
Zoom Mobile App for Android before version 5.14.10
Zoom Mobile App for iOS before version 5.14.10
Zoom Rooms for iPad before version 5.14.10
Zoom Rooms for Android before version 5.14.10
Zoom Rooms for Windows before version 5.14.10
Zoom Rooms for macOS before version 5.14.10

Source:

Reported by Zoom Offensive Security Team.

Revision	Date	Description
1.0	08/08/2023	Initial Publication

Zoom Clients - Client-Side Enforcement of Server-Side Security

Subscribe for updates