Zoom Clients - Client-Side Enforcement of Server-Side Security

Bulletin: ZSB-23034
CVEID: CVE-2023-39218
CVSS Severity: Medium
CVSS Score: 6.5
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Description:

Client-side enforcement of server-side security in Zoom clients before version 5.14.10 may allow a privileged user to enable information disclosure via network access.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom Desktop Client for Windows before version 5.14.10
Zoom Desktop Client for macOS before version 5.14.10
Zoom Desktop Client for Linux before version 5.14.10
Zoom VDI Host and Plugin before version 5.14.10
Zoom Mobile App for Android before version 5.14.10
Zoom Mobile App for iOS before version 5.14.10
Zoom Rooms for iPad before version 5.14.10
Zoom Rooms for Android before version 5.14.10
Zoom Rooms for Windows before version 5.14.10
Zoom Rooms for macOS before version 5.14.10

Source:

Reported by Zoom Offensive Security Team.

Revision	Date	Description
1.0	08/08/2023	Initial Publication

Zoom Workplace

Business Services

By industry

By audience

Enterprise

For Developer

For partners

🚀 NEW My notes, your AI note taker

Zoom Clients - Client-Side Enforcement of Server-Side Security

Zoom Clients - Client-Side Enforcement of Server-Side Security

Subscribe for updates