Vulnerabilities related to zoom - video_software_development_kit
cve-2023-39205
Vulnerability from cvelistv5
Published
2023-11-14 22:32
Modified
2024-08-29 15:20
Summary
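Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. (Note: the CNA's CVSS vector in the record below scores availability impact as NONE and integrity impact as LOW, which does not match the denial-of-service impact described here; the affected versions are given only as "see references", so confirm the fixed release against the vendor bulletin rather than relying on the base score alone.)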
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T18:02:06.477Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-39205",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-29T15:18:14.262007Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-29T15:20:19.803Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "Windows",
                  "MacOS",
                  "Linux",
                  "iOS",
                  "Android",
               ],
               product: "Zoom Clients",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "see references",
                  },
               ],
            },
         ],
         datePublic: "2023-11-14T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.",
                  },
               ],
               value: "Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-26",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-26 Leveraging Race Conditions",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-754",
                     description: "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-14T22:32:18.711Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-39205",
      datePublished: "2023-11-14T22:32:18.711Z",
      dateReserved: "2023-07-25T18:37:58.424Z",
      dateUpdated: "2024-08-29T15:20:19.803Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-39206
Vulnerability from cvelistv5
Published
2023-11-14 23:02
Modified
2024-08-29 15:45
Summary
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T18:02:06.479Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-39206",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-29T15:33:18.137787Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-29T15:45:07.488Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "Windows",
                  "MacOS",
                  "Linux",
                  "iOS",
                  "Android",
               ],
               product: "Zoom Clients",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "see references",
                  },
               ],
            },
         ],
         datePublic: "2023-11-14T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.",
                  },
               ],
               value: "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-100",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-100 Overflow Buffers",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-14T23:02:41.332Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-39206",
      datePublished: "2023-11-14T23:02:41.332Z",
      dateReserved: "2023-07-25T18:37:58.424Z",
      dateUpdated: "2024-08-29T15:45:07.488Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-45417
Vulnerability from cvelistv5
Published
2025-02-25 19:49
Modified
2025-02-26 16:42
Summary
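Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. (Note: the record below classifies the weakness as CWE-708, Incorrect Ownership Assignment, and its CVSS vector rates both confidentiality and integrity impact as HIGH; neither matches the "uncontrolled resource consumption" wording, so treat the weakness class as uncertain when triaging.)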
Impacted products


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-45417",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-26T16:41:05.991990Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-26T16:42:11.552Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "MacOS",
               ],
               product: "Zoom Apps for macOS",
               vendor: "Zoom Communications, Inc",
               versions: [
                  {
                     lessThan: "6.1.5",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2024-11-12T13:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.<br><br>",
                  },
               ],
               value: "Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 6,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-708",
                     description: "CWE-708: Incorrect Ownership Assignment",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-25T19:49:22.296Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24039/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Zoom Apps for macOS - Uncontrolled Resource Consumption",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2024-45417",
      datePublished: "2025-02-25T19:49:22.296Z",
      dateReserved: "2024-08-28T21:50:25.332Z",
      dateUpdated: "2025-02-26T16:42:11.552Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-49647
Vulnerability from cvelistv5
Published
2024-01-12 21:44
Modified
2024-09-20 14:52
Summary
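Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access. (Note: the affected-versions field in the record below reads "before 5.16.0", which disagrees with the 5.16.10 stated here; tooling that matches on that field could miss versions between the two, so confirm the fixed version against the referenced bulletin ZSB-24001.)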


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T22:01:25.581Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "Windows",
               ],
               product: "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "before 5.16.0",
                  },
               ],
            },
         ],
         datePublic: "2024-01-09T13:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.",
                  },
               ],
               value: "Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-266",
                     description: "CWE-266: Incorrect Privilege Assignment",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-20T14:52:01.494Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Zoom Desktop Client for Windows - Improper Access Control",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-49647",
      datePublished: "2024-01-12T21:44:00.743Z",
      dateReserved: "2023-11-28T18:18:33.930Z",
      dateUpdated: "2024-09-20T14:52:01.494Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-43585
Vulnerability from cvelistv5
Published
2023-12-13 22:15
Modified
2024-09-27 19:16
Summary
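Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. (Note: the affected-versions field in the record below reads "before 5.16.0", which disagrees with the 5.16.5 stated here; confirm the fixed version against the referenced bulletin ZSB-23058 before relying on automated version matching.)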


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:44:43.663Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "iOS",
               ],
               product: "Zoom Mobile App for iOS and SDKs for iOS",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "before 5.16.0",
                  },
               ],
            },
         ],
         datePublic: "2023-12-12T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.",
                  },
               ],
               value: "Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-449",
                     description: "CWE-449: The UI Performs the Wrong Action",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-27T19:16:27.688Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-43585",
      datePublished: "2023-12-13T22:15:58.457Z",
      dateReserved: "2023-09-19T22:05:40.665Z",
      dateUpdated: "2024-09-27T19:16:27.688Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-36533
Vulnerability from cvelistv5
Published
2023-08-08 17:33
Modified
2024-10-04 15:05
Summary
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:52:52.264Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-36533",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-04T15:05:35.009380Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-04T15:05:48.927Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Zoom SDK's",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "before 5.14.7",
                  },
               ],
            },
         ],
         datePublic: "2023-08-08T15:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.",
                  },
               ],
               value: "Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-772",
                     description: "CWE-772 Missing Release of Resource after Effective Lifetime",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-19T19:40:23.526Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-36533",
      datePublished: "2023-08-08T17:33:47.868Z",
      dateReserved: "2023-06-22T18:04:31.168Z",
      dateUpdated: "2024-10-04T15:05:48.927Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-39217
Vulnerability from cvelistv5
Published
2023-08-08 17:49
Modified
2024-10-10 16:21
Summary
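Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. (Note: the record below assigns CWE-80, Basic XSS, which does not match the input-validation denial of service described here; the CISA SSVC entry also marks this issue as automatable, so do not deprioritise it on the CWE label alone.)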
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T18:02:05.165Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-39217",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-10T16:21:35.760368Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-10T16:21:43.772Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Zoom SDK's",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "before 5.14.10",
                  },
               ],
            },
         ],
         datePublic: "2023-08-08T15:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.",
                  },
               ],
               value: "Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-80",
                     description: "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-27T19:12:05.128Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-39217",
      datePublished: "2023-08-08T17:49:38.142Z",
      dateReserved: "2023-07-25T18:38:00.939Z",
      dateUpdated: "2024-10-10T16:21:43.772Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-45418
Vulnerability from cvelistv5
Published
2025-02-25 19:52
Modified
2025-02-25 20:07
Summary
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
Impacted products


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-45418",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-25T20:07:02.751886Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-25T20:07:09.959Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "MacOS",
               ],
               product: "Zoom Apps for macOS",
               vendor: "Zoom Communications, Inc",
               versions: [
                  {
                     lessThan: "6.1.5",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2024-11-12T13:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.<br><br>",
                  },
               ],
               value: "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-61",
                     description: "CWE-61: UNIX Symbolic Link (Symlink) Following",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-25T19:52:25.471Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24040/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Zoom Apps for macOS - Symbolic Link Following",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2024-45418",
      datePublished: "2025-02-25T19:52:25.471Z",
      dateReserved: "2024-08-28T21:50:25.332Z",
      dateUpdated: "2025-02-25T20:07:09.959Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-43583
Vulnerability from cvelistv5
Published
2023-12-13 22:08
Modified
2024-09-19 13:55
Summary
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:44:43.781Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "Android",
                  "iOS",
               ],
               product: "Zoom Mobile App for Android, Zoom Mobile App for iOS and Zoom SDK",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "before 5.16.0",
                  },
               ],
            },
         ],
         datePublic: "2023-12-12T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.",
                  },
               ],
               value: "Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-798",
                     description: "CWE-798 Use of Hard-coded Credentials",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-19T13:55:21.591Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-43583",
      datePublished: "2023-12-13T22:08:42.326Z",
      dateReserved: "2023-09-19T22:05:40.665Z",
      dateUpdated: "2024-09-19T13:55:21.591Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-49646
Vulnerability from cvelistv5
Published
2023-12-13 22:19
Modified
2024-09-20 14:53
Summary
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T22:01:25.386Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23062/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "Windows",
                  "MacOS",
                  "Linux",
                  "iOS",
                  "Android",
               ],
               product: "Zoom Clients",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "See references",
                  },
               ],
            },
         ],
         datePublic: "2023-12-12T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.",
                  },
               ],
               value: "Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 6.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-347",
                     description: "CWE-347 Improper Verification of Cryptographic Signature",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-20T14:53:41.733Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23062/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-49646",
      datePublished: "2023-12-13T22:19:26.963Z",
      dateReserved: "2023-11-28T18:18:33.930Z",
      dateUpdated: "2024-09-20T14:53:41.733Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-36539
Vulnerability from cvelistv5
Published
2023-06-30 02:01
Modified
2024-10-28 13:04
Summary
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
Impacted products
Vendor Product Version
Zoom Video Communications, Inc. Zoom clients Version: See references link for ZSB-23025


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T16:52:52.360Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-36539",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-28T13:04:31.982326Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-28T13:04:46.477Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Zoom clients",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "See references link for ZSB-23025",
                  },
               ],
            },
         ],
         datePublic: "2023-06-30T02:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(247, 247, 250);\">Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.</span>",
                  },
               ],
               value: "Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
            {
               descriptions: [
                  {
                     cweId: "CWE-325",
                     description: "CWE-325 Missing Cryptographic Step",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-18T18:25:53.635Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-36539",
      datePublished: "2023-06-30T02:01:21.401Z",
      dateReserved: "2023-06-22T18:04:31.169Z",
      dateUpdated: "2024-10-28T13:04:46.477Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-39204
Vulnerability from cvelistv5
Published
2023-11-14 22:28
Modified
2024-08-29 15:20
Summary
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T18:02:06.451Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-39204",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-29T15:12:00.315832Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-29T15:20:45.432Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "Windows",
                  "MacOS",
                  "Linux",
                  "iOS",
                  "Android",
               ],
               product: "Zoom Clients",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "see references",
                  },
               ],
            },
         ],
         datePublic: "2023-11-14T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.",
                  },
               ],
               value: "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-100",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-100 Overflow Buffers",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-14T22:28:44.622Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-39204",
      datePublished: "2023-11-14T22:28:44.622Z",
      dateReserved: "2023-07-25T18:37:58.424Z",
      dateUpdated: "2024-08-29T15:20:45.432Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-43586
Vulnerability from cvelistv5
Published
2023-12-13 22:17
Modified
2024-08-02 19:44
Summary
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T19:44:43.849Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "Windows",
               ],
               product: "Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "See references",
                  },
               ],
            },
         ],
         datePublic: "2023-12-12T16:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.",
                  },
               ],
               value: "Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-126",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-126 Path Traversal",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-426",
                     description: "CWE-426 Untrusted Search Path",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-12-13T22:17:48.264Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2023-43586",
      datePublished: "2023-12-13T22:17:48.264Z",
      dateReserved: "2023-09-19T22:05:40.665Z",
      dateUpdated: "2024-08-02T19:44:43.849Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-24690
Vulnerability from cvelistv5
Published
2024-02-14 00:00
Modified
2024-09-20 14:50
Summary
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T23:28:11.165Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-24690",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-16T18:16:12.891310Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-16T18:16:23.329Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "Windows",
                  "iOS",
                  "Linux",
                  "Android",
               ],
               product: "Zoom Clients",
               vendor: "Zoom Video Communications, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "see references",
                  },
               ],
            },
         ],
         datePublic: "2024-02-13T13:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.<br>",
                  },
               ],
               value: "Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-153",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-153 Input Data Manipulation",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1284",
                     description: "CWE-1284: Improper Validation of Specified Quantity in Input",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-20T14:50:06.835Z",
            orgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            shortName: "Zoom",
         },
         references: [
            {
               url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Zoom Clients  - Improper Input Validation",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
      assignerShortName: "Zoom",
      cveId: "CVE-2024-24690",
      datePublished: "2024-02-14T00:00:04.089Z",
      dateReserved: "2024-01-26T22:56:14.680Z",
      dateUpdated: "2024-09-20T14:50:06.835Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2023-06-30 03:15
Modified
2024-11-21 08:09
Summary
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:android:*:*",
                     matchCriteriaId: "B19B33AC-0C62-48B8-974F-EBB94700432E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "64EC33E5-F6E4-4845-B181-52DEC0E707BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:macos:*:*",
                     matchCriteriaId: "F566F4A2-7A6F-4ECC-BD73-1F63AE4030B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:5.15.1:*:*:*:*:windows:*:*",
                     matchCriteriaId: "E3E84645-EF69-4A61-B946-5DEEDD27A85E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:ipad_os:*:*",
                     matchCriteriaId: "1735FAF3-E7B4-4615-92AD-5BA3399F6D55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:macos:*:*",
                     matchCriteriaId: "2FFA4C37-4EFB-42F5-98BE-811F413113F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:windows:*:*",
                     matchCriteriaId: "ABB880FF-8853-45AE-818A-23CECB48E030",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:1.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "84A39B46-A23B-4194-BDBF-16C337ADD1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:android:*:*",
                     matchCriteriaId: "A47C1AC4-3092-41BE-8BB3-BABCD2ADC350",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "F6FC3EA3-DAD3-4D9E-8EF3-5CAC1A54EE45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:linux:*:*",
                     matchCriteriaId: "502FC5A5-08CE-464F-A39E-FB16476F7B02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:macos:*:*",
                     matchCriteriaId: "8AB43228-B469-46D9-BE1E-F7BCCC777F34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:windows:*:*",
                     matchCriteriaId: "36AA507D-1B5D-42A3-A0BD-0D5FAA6AE3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:5.15.1:*:*:*:*:windows:*:*",
                     matchCriteriaId: "E7777FBA-8B77-430F-8B64-AFB14E517179",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEC1BF64-379E-4623-9F5F-EC37D9AE8928",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "27D5E538-97CB-4F05-B8FC-AC6497425E78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E12A046-159E-4E45-954F-57A0C43938F4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A85D6BC1-E736-487F-8C02-C54B49F7C8B2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE053959-5DE3-4954-8FD5-7D15FA77BC77",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C661E9DF-1D17-408A-95D9-DE5D941EC93B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A33909C-EB63-4234-A2B5-6F6D39EB8ACB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F942425-D356-47BA-95A6-61E1FD5029F4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C96F0F-E282-427B-92C7-225252952F3E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5097727-AE57-436F-B7EF-E93BD96B2E23",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.",
      },
      {
         lang: "es",
         value: "La exposición de información destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgación de información sensible.",
      },
   ],
   id: "CVE-2023-36539",
   lastModified: "2024-11-21T08:09:53.833",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-30T03:15:09.747",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
            {
               lang: "en",
               value: "CWE-325",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-326",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-08 18:15
Modified
2024-11-21 08:09
Summary
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "A9D82780-92BD-436B-BB7E-F9C5F6E34FA6",
                     versionEndExcluding: "5.14.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "440DA9C2-5FF5-4D76-B123-2E3BA304538B",
                     versionEndExcluding: "5.14.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "8C294644-DF3F-4BE2-A07A-D74082F9D66A",
                     versionEndExcluding: "5.14.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "CCE1A3F9-2155-407A-8F35-9B543EB5CDD0",
                     versionEndExcluding: "5.14.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "0CE354FE-9AF5-43B8-8368-5F4884EFE303",
                     versionEndExcluding: "5.14.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "28292A81-F997-45CE-9E71-856B86069B70",
                     versionEndExcluding: "5.14.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "2BC978CC-E69B-4188-AF93-7AF6A1A7125D",
                     versionEndExcluding: "5.14.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "E95C82D8-D362-452E-A51F-6FB1C96C1C4A",
                     versionEndExcluding: "5.14.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "3F6BCB1C-786B-44A4-97BB-DCF66C3E7C8A",
                     versionEndExcluding: "5.14.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "D651A99D-AE3C-452F-A93F-FAA83FA12C71",
                     versionEndExcluding: "5.14.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.",
      },
      {
         lang: "es",
         value: "El consumo incontrolado de recursos en los SDK de Zoom anteriores a 5.14.7 puede permitir que un usuario no autenticado habilite una denegación de servicio a través del acceso a la red.",
      },
   ],
   id: "CVE-2023-36533",
   lastModified: "2024-11-21T08:09:53.033",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 4.2,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-08T18:15:14.037",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-772",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-05 13:53
Summary
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "FDAC7DED-7124-49DC-81FE-3A846C6FAC6B",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "8E8DDD36-808D-4864-AA07-0760E4375FCA",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "49957FA5-35FF-40AC-B88E-A235FA00F639",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "B02E0B95-F342-4D19-9C56-0ED458942E09",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "6398CA4B-4E28-4004-A5AA-0FBFAC5D2D13",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
                     matchCriteriaId: "0F555E18-C547-493A-A3C6-85D42B75C5C0",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "05EFB308-185E-41CD-9E1F-A6EAB1BE3314",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "7AC5BD11-4FF8-4BEA-9151-75E165750703",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "8DF64BAE-8FB5-4FB1-AA60-F34DA38B7882",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "7C050E43-5F66-4F82-8725-6D4F86C2D7FC",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "78CF87EF-1F6A-4059-AA3F-C9EFAB6311E4",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "0E9FA665-AB32-4140-91F9-57E2EA14D837",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "F7D73FAD-D117-46F1-A30F-B373103576BB",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "1615D4AC-42A1-4A37-80E8-DD312EF7D9D3",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "C11934B8-2EFA-4274-ADAD-53447B0BC972",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "70AEFFD5-918F-4046-9856-C665C2DEF4C4",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "F18288EB-7820-4C47-A589-BF3DA06A75C0",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "39EF83F4-626A-43F1-9312-147F65B1EC5E",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "21D7D4E9-14DF-48CF-A9F9-A61408B59789",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "655AC669-B03B-4BDD-B578-F6F02FAD857E",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "8A311271-1418-4E8C-90B5-960E37592BAE",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "F401A8C2-F0DF-4EC9-B0C2-11D9EB1BED15",
                     versionEndExcluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "A8EE3AB9-DE5E-4141-9974-C735AEEF1DF0",
                     versionEndExcluding: "6.1.12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.",
      },
      {
         lang: "es",
         value: "El desbordamiento del búfer en algunas aplicaciones de Zoom puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.",
      },
   ],
   id: "CVE-2024-45421",
   lastModified: "2025-03-05T13:53:35.033",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 6,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2025-02-25T20:15:35.400",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24043/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-122",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:14
Summary
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "249D7C05-850F-4BED-BE1B-864B3A555DC5",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "CF877945-AEBB-4347-B45C-DC5CF711EAC0",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "E7C90882-B6EB-476E-B8C8-9CA9D2C86328",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "440B9710-9B66-4F17-A4EE-C1D11DF4DC76",
                     versionEndExcluding: "1.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "B3F99428-4438-47DA-BD2D-FF61BF1CC736",
                     versionEndExcluding: "1.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "392358DF-EC53-4538-A361-F467B8DFEE8B",
                     versionEndExcluding: "1.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "1E1A90A2-8B2E-481F-95D6-FB9E85B951CD",
                     versionEndExcluding: "1.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "33188B54-F6E1-4556-8A90-9DD7384AF299",
                     versionEndExcluding: "1.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D26E2D3-9148-44AA-8AF0-A3E58704F532",
                     versionEndExcluding: "5.14.13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3B28CE5-ABB5-43C4-8BB4-133050E0821E",
                     versionEndExcluding: "5.15.11",
                     versionStartIncluding: "5.15.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "A454D523-527C-4910-8474-EB4CDFFE7BF6",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "BE96C026-8B39-4509-BA4F-AC224918DC8F",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "E055EB88-5A25-4348-AAEA-5A25496E5E64",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.",
      },
      {
         lang: "es",
         value: "La verificación de condiciones inadecuadas en Zoom Team Chat para clientes de Zoom puede permitir que un usuario autenticado lleve a cabo una denegación de servicio a través del acceso a la red.",
      },
   ],
   id: "CVE-2023-39205",
   lastModified: "2024-11-21T08:14:54.710",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-14T23:15:08.887",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-754",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-754",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-13 23:15
Modified
2024-11-21 08:24
Summary
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "E725B855-C1FD-40B0-B5DD-164CB83D0F53",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "921ABABB-33A6-4B83-844B-236C549B48CF",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "0141CCFA-C930-4649-8894-4B093AE63848",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "C2BF4129-CA54-4ECB-9A6B-EC28445233DF",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.",
      },
      {
         lang: "es",
         value: "Un control de acceso inadecuado en la aplicación Zoom Mobile para iOS y los SDK de Zoom para iOS anteriores a la versión 5.16.5 puede permitir que un usuario autenticado realice una divulgación de información a través del acceso a la red.",
      },
   ],
   id: "CVE-2023-43585",
   lastModified: "2024-11-21T08:24:26.730",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 4.2,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-13T23:15:07.463",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-449",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-13 23:15
Modified
2024-11-21 08:24
Summary
Cryptographic issues in Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "E725B855-C1FD-40B0-B5DD-164CB83D0F53",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "D09B037A-A36E-480E-A180-A2FDBB0CE130",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "76ECB323-FA2E-4C2C-9949-40A068BB46C1",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "8BB16085-BEA2-4FCF-AA22-F6DD44A2E8DF",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "A454D523-527C-4910-8474-EB4CDFFE7BF6",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "BE96C026-8B39-4509-BA4F-AC224918DC8F",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.",
      },
      {
         lang: "es",
         value: "Los problemas criptográficos de la aplicación Zoom Mobile para Android, la aplicación Zoom Mobile para iOS y los SDK de Zoom para Android e iOS anteriores a la versión 5.16.0 pueden permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red.",
      },
   ],
   id: "CVE-2023-43583",
   lastModified: "2024-11-21T08:24:26.607",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-13T23:15:07.270",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-798",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-13 23:15
Modified
2024-11-21 08:33
Summary
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0105F955-25C8-4582-BD05-8BCD48BFF3D6",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BAE70E1D-8C4A-4EB6-96A8-16C53DB5C79B",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D33A3D73-DB80-4376-A9EE-2905A4B0B4B7",
                     versionEndExcluding: "5.14.14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "33411E35-8D01-42E4-85D6-0FE2C416E697",
                     versionEndExcluding: "5.15.12",
                     versionStartIncluding: "5.15.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "F0EA451C-C4DC-48EF-A036-3EEA3E3ADD80",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "C2BF4129-CA54-4ECB-9A6B-EC28445233DF",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "AD4CD81C-1F22-45CA-8AB1-D6D59E819759",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "BB9276FF-17D3-4FDB-91BB-2CE6E8BA61A0",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "19B08EB3-7EBF-416F-91B9-4600E47567F7",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.",
      },
      {
         lang: "es",
         value: "La autenticación incorrecta en algunos clientes de Zoom anteriores a la versión 5.16.5 puede permitir que un usuario autenticado realice una denegación de servicio a través del acceso a la red.",
      },
   ],
   id: "CVE-2023-49646",
   lastModified: "2024-11-21T08:33:39.503",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 2.7,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-13T23:15:08.357",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23062/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23062/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-347",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-12 22:15
Modified
2024-11-21 08:33
Summary
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "6283C30D-420E-4A6F-B4C3-A67923467553",
                     versionEndExcluding: "5.16.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "ACB8BA0C-2FE3-4AB2-8C43-1035A95408E1",
                     versionEndExcluding: "5.16.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "EE4453C1-144A-4101-935E-966676895835",
                     versionEndExcluding: "5.16.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D33A3D73-DB80-4376-A9EE-2905A4B0B4B7",
                     versionEndExcluding: "5.14.14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "33411E35-8D01-42E4-85D6-0FE2C416E697",
                     versionEndExcluding: "5.15.12",
                     versionStartIncluding: "5.15.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1865DF2E-65D2-4DEF-BFC5-5AC333AFF759",
                     versionEndExcluding: "5.16.10",
                     versionStartIncluding: "5.16.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.",
      },
      {
         lang: "es",
         value: "Un control de acceso inadecuado en Zoom Desktop Client para Windows, Zoom VDI Client para Windows y Zoom SDK para Windows anteriores a la versión 5.16.10 puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso local.",
      },
   ],
   id: "CVE-2023-49647",
   lastModified: "2024-11-21T08:33:39.630",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2,
            impactScore: 6,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-12T22:15:45.130",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-266",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-04 17:36
Summary
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "93A03433-CCF8-4E19-89B4-18368847FB8F",
                     versionEndExcluding: "6.1.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "66BFFFB3-351E-43CE-B005-D24AB48B9584",
                     versionEndExcluding: "6.1.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "9B503B69-9BC0-4B91-BED9-0F2B5ACC0EC4",
                     versionEndExcluding: "6.1.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF",
                     versionEndExcluding: "6.1.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.",
      },
      {
         lang: "es",
         value: "El consumo descontrolado de recursos en el instalador de algunas aplicaciones de Zoom para macOS anteriores a la versión 6.1.5 puede permitir que un usuario privilegiado realice una divulgación de información a través del acceso local.",
      },
   ],
   id: "CVE-2024-45417",
   lastModified: "2025-03-04T17:36:57.857",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 6,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 5.2,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2025-02-25T20:15:35.007",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24039/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-708",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Summary
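Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. (Triage note on the record below: the two CVSS v3.1 assessments differ — security@zoom.us scores 5.4 MEDIUM with I:L/A:L, nvd@nist.gov scores 6.5 MEDIUM with I:N/A:H. The fixed-version boundary is not uniform across products: 5.16.5 for most entries, 5.17.0 for Rooms, and per-branch boundaries for the VDI Windows clients.)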



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B72243E4-AFF7-4A69-934A-1170A6EDAE0F",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61CCEE1E-F3C0-41EB-8DF2-4D3EA8600166",
                     versionEndExcluding: "5.17.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "DEC61EA8-8A9D-4E36-9B46-2B45ED1C5DB8",
                     versionEndExcluding: "5.14.14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "390DFFB5-7BEA-41F2-B2E1-F0FED3766C1E",
                     versionEndExcluding: "5.15.12",
                     versionStartExcluding: "5.14.14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "8B90CC0C-8000-44E1-8AA1-5E67081ECD2E",
                     versionEndExcluding: "5.16.10",
                     versionStartExcluding: "5.15.12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "F58AB464-C80F-4E2B-9F13-BE9B19E3B5BE",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "F0EA451C-C4DC-48EF-A036-3EEA3E3ADD80",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "C2BF4129-CA54-4ECB-9A6B-EC28445233DF",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "AD4CD81C-1F22-45CA-8AB1-D6D59E819759",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "BB9276FF-17D3-4FDB-91BB-2CE6E8BA61A0",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "19B08EB3-7EBF-416F-91B9-4600E47567F7",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.",
      },
      {
         lang: "es",
         value: "Una validación de entrada incorrecta en algunos clientes de Zoom puede permitir que un usuario autenticado realice una denegación de servicio a través del acceso a la red.",
      },
   ],
   id: "CVE-2024-24690",
   lastModified: "2024-11-21T08:59:30.693",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-14T00:15:47.000",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-1284",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-1284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:14
Summary
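Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. (Triage note on the record below: the two CVSS v3.1 assessments differ materially — security@zoom.us scores 4.3 MEDIUM with UI:R and A:L, nvd@nist.gov scores 7.5 HIGH with UI:N and A:H. The listed reference is the general security-bulletin index rather than a bulletin specific to this CVE.)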



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "6542B8C0-31B4-40A0-B6F3-136C5A16EFE8",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "5722E765-C79A-4A21-9E03-2634D5E7F2F9",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "86B49D79-7C51-46BE-87C2-93717D687531",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "F6679219-E822-4E14-98CF-1661E343143E",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "63776027-642A-4B76-A561-F658045ECBD3",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "81A22013-04BC-4F45-8295-81C5FD441FC1",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
                     matchCriteriaId: "B399594A-A021-4CCF-BD2D-3E43FC0BF8B2",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "0DACEF42-D48D-4CDD-B72C-0C1C2A63DF96",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5C73290C-5F04-40AC-BFD8-64E2E53E3EF0",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "C29E2E20-94A0-4516-8815-F634290D1C3A",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "10213F87-D42E-47F0-A0E4-3EEC68D024B8",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "6E3A49AF-5716-4516-8BC5-2DF788E6608C",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "24D1C345-4BF0-4027-A7C1-4D2FD8106EFB",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "DE7C3EFB-8CDF-447F-BDFC-2914C7DF8449",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D26E2D3-9148-44AA-8AF0-A3E58704F532",
                     versionEndExcluding: "5.14.13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3B28CE5-ABB5-43C4-8BB4-133050E0821E",
                     versionEndExcluding: "5.15.11",
                     versionStartIncluding: "5.15.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "229A05D6-27BE-46A0-ADA8-C37873A24EA0",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "42CDC31F-325B-43A1-8266-34317C644630",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "C7B42405-380C-42AD-9B87-99EB92E433BE",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "351C219A-492B-4DC8-B92F-1B609A16459A",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "3D834D47-BF15-461E-A908-3F7A919C2ED2",
                     versionEndExcluding: "5.15.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.",
      },
      {
         lang: "es",
         value: "El desbordamiento del búfer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegación de servicio a través del acceso a la red.",
      },
   ],
   id: "CVE-2023-39204",
   lastModified: "2024-11-21T08:14:54.570",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-14T23:15:08.687",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-04 17:36
Summary
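Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access. (Triage note on the record below: the two CVSS v3.1 assessments differ materially — security@zoom.us scores 5.4 MEDIUM with UI:R, S:C and C:L/I:L/A:N, nvd@nist.gov scores 8.8 HIGH with UI:N, S:U and C:H/I:H/A:H. Both list 6.1.5 as the first unaffected version for the macOS products.)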



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "93A03433-CCF8-4E19-89B4-18368847FB8F",
                     versionEndExcluding: "6.1.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "66BFFFB3-351E-43CE-B005-D24AB48B9584",
                     versionEndExcluding: "6.1.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "9B503B69-9BC0-4B91-BED9-0F2B5ACC0EC4",
                     versionEndExcluding: "6.1.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF",
                     versionEndExcluding: "6.1.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.",
      },
      {
         lang: "es",
         value: "El enlace simbólico que sigue en el instalador de algunas aplicaciones de Zoom para macOS anteriores a la versión 6.1.5 puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.",
      },
   ],
   id: "CVE-2024-45418",
   lastModified: "2025-03-04T17:36:43.377",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2025-02-25T20:15:35.223",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/zsb-24040/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-61",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-11-14 23:15
Modified
2024-11-21 08:14
Summary
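Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. (Triage note on the record below: the two CVSS v3.1 assessments differ materially — security@zoom.us scores 3.7 LOW with AC:H and A:L, nvd@nist.gov scores 7.5 HIGH with AC:L and A:H. The Video SDK entries use versionEndExcluding 1.9.0 while the other clients use 5.16.0, so version matching for the SDK has to use the SDK's own version numbers.)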



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "249D7C05-850F-4BED-BE1B-864B3A555DC5",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "CF877945-AEBB-4347-B45C-DC5CF711EAC0",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "E7C90882-B6EB-476E-B8C8-9CA9D2C86328",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "12D81D70-FA29-4921-9A20-BE8DC596F6AE",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
                     matchCriteriaId: "141007D5-4A8B-48C3-8BFB-EAF8BC3EF905",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "3D39B6BA-D4BC-4502-8867-D5A5441D3196",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "62689640-F0DA-4FBA-83A9-AA29843B6E57",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "440B9710-9B66-4F17-A4EE-C1D11DF4DC76",
                     versionEndExcluding: "1.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "B3F99428-4438-47DA-BD2D-FF61BF1CC736",
                     versionEndExcluding: "1.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "392358DF-EC53-4538-A361-F467B8DFEE8B",
                     versionEndExcluding: "1.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "1E1A90A2-8B2E-481F-95D6-FB9E85B951CD",
                     versionEndExcluding: "1.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "33188B54-F6E1-4556-8A90-9DD7384AF299",
                     versionEndExcluding: "1.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D26E2D3-9148-44AA-8AF0-A3E58704F532",
                     versionEndExcluding: "5.14.13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3B28CE5-ABB5-43C4-8BB4-133050E0821E",
                     versionEndExcluding: "5.15.11",
                     versionStartIncluding: "5.15.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "A454D523-527C-4910-8474-EB4CDFFE7BF6",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "BE96C026-8B39-4509-BA4F-AC224918DC8F",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "E055EB88-5A25-4348-AAEA-5A25496E5E64",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D",
                     versionEndExcluding: "5.16.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.",
      },
      {
         lang: "es",
         value: "El desbordamiento del búfer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegación de servicio a través del acceso a la red.",
      },
   ],
   id: "CVE-2023-39206",
   lastModified: "2024-11-21T08:14:54.847",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-11-14T23:15:09.073",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-13 23:15
Modified
2024-11-21 08:24
Summary
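Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
Note: the record below carries two CVSS v3.1 assessments that differ (7.3 from security@zoom.us, 8.8 from nvd@nist.gov) and two weakness mappings (CWE-426 from security@zoom.us, CWE-22 from nvd@nist.gov). Fixed-version boundaries are listed per product in cpeMatch: 5.16.5 for the Windows client and both SDKs, and 5.14.14 or 5.15.12 (for the 5.15.x branch) for the VDI client.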



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B72243E4-AFF7-4A69-934A-1170A6EDAE0F",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "F58AB464-C80F-4E2B-9F13-BE9B19E3B5BE",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D33A3D73-DB80-4376-A9EE-2905A4B0B4B7",
                     versionEndExcluding: "5.14.14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "33411E35-8D01-42E4-85D6-0FE2C416E697",
                     versionEndExcluding: "5.15.12",
                     versionStartIncluding: "5.15.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "19B08EB3-7EBF-416F-91B9-4600E47567F7",
                     versionEndExcluding: "5.16.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.",
      },
      {
         lang: "es",
         value: "El path traversal en Zoom Desktop Client para Windows, Zoom VDI Client para Windows y Zoom SDK para Windows puede permitir que un usuario autenticado realice una escalada de privilegios a través del acceso a la red.",
      },
   ],
   id: "CVE-2023-43586",
   lastModified: "2024-11-21T08:24:26.853",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 5.8,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-13T23:15:07.660",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-426",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-08 18:15
Modified
2024-11-21 08:14
Summary
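Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.
Note: the record below carries two CVSS v3.1 assessments that differ only in availability impact (5.3 MEDIUM with A:L from security@zoom.us, 7.5 HIGH with A:H from nvd@nist.gov). The weakness mappings are CWE-80 from security@zoom.us and NVD-CWE-noinfo from nvd@nist.gov, so the record does not give an agreed root-cause class.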



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "86D21EBF-FC1F-4F2F-B7AB-C3E0948D8593",
                     versionEndExcluding: "5.14.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "75317D4C-FE2D-44D2-A094-87049A0A294D",
                     versionEndExcluding: "5.14.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "8364764A-B13B-4CB4-8354-850EF5448BCB",
                     versionEndExcluding: "5.14.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "CA2B704A-A3F0-440B-9A46-22083723AE06",
                     versionEndExcluding: "5.14.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "56B8E455-A5D2-4050-BC22-0057CC241F21",
                     versionEndExcluding: "5.14.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
                     matchCriteriaId: "F89E14EC-E5EF-4994-BA14-A867D28416D8",
                     versionEndExcluding: "5.14.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
                     matchCriteriaId: "C07A9F36-6B27-4DC0-8737-51C0A250791D",
                     versionEndExcluding: "5.14.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "B64870D9-1253-4747-AE9D-650132EE60C4",
                     versionEndExcluding: "5.14.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
                     matchCriteriaId: "69E77EA7-44E8-406B-A659-E6F5EC1C9271",
                     versionEndExcluding: "5.14.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "49DC386E-7BE2-4B05-968E-640BDB451199",
                     versionEndExcluding: "5.14.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.",
      },
   ],
   id: "CVE-2023-39217",
   lastModified: "2024-11-21T08:14:56.203",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "security@zoom.us",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-08T18:15:23.843",
   references: [
      {
         source: "security@zoom.us",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://explore.zoom.us/en/trust/security/security-bulletin/",
      },
   ],
   sourceIdentifier: "security@zoom.us",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-80",
            },
         ],
         source: "security@zoom.us",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}