Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows by Zoom Video Communications, Inc.
CVE-2023-43586 (GCVE-0-2023-43586)
Vulnerability from nvd – Published: 2023-12-13 22:17 – Updated: 2026-02-25 16:34
VLAI?
Summary
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
Severity ?
7.3 (High)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows |
Affected:
See references
|
Date Public ?
2023-12-12 16:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-14T05:00:12.943526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:34:33.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"datePublic": "2023-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"value": "Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T22:17:48.264Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-43586",
"datePublished": "2023-12-13T22:17:48.264Z",
"dateReserved": "2023-09-19T22:05:40.665Z",
"dateUpdated": "2026-02-25T16:34:33.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-43586 (GCVE-0-2023-43586)
Vulnerability from cvelistv5 – Published: 2023-12-13 22:17 – Updated: 2026-02-25 16:34
VLAI?
Summary
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
Severity ?
7.3 (High)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows |
Affected:
See references
|
Date Public ?
2023-12-12 16:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-14T05:00:12.943526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:34:33.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"datePublic": "2023-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"value": "Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T22:17:48.264Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-43586",
"datePublished": "2023-12-13T22:17:48.264Z",
"dateReserved": "2023-09-19T22:05:40.665Z",
"dateUpdated": "2026-02-25T16:34:33.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}