Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Zoom VDI for Windows Meeting Clients by Zoom Video Communications, Inc.

    CVE-2023-34120 (GCVE-0-2023-34120)

    Vulnerability from nvd – Published: 2023-06-13 17:38 – Updated: 2025-01-02 20:10
    VLAI
    Summary
    Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Date Public
    2023-06-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34120",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T20:03:55.460656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:10:14.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Zoom for Windows Client",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Zoom Rooms Client for Windows",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Zoom VDI for Windows Meeting Clients",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0  may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges."
                }
              ],
              "value": "Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0  may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T19:32:54.852Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2023-34120",
        "datePublished": "2023-06-13T17:38:52.940Z",
        "dateReserved": "2023-05-25T22:01:29.098Z",
        "dateUpdated": "2025-01-02T20:10:14.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34120 (GCVE-0-2023-34120)

    Vulnerability from cvelistv5 – Published: 2023-06-13 17:38 – Updated: 2025-01-02 20:10
    VLAI
    Summary
    Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Date Public
    2023-06-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34120",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T20:03:55.460656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:10:14.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Zoom for Windows Client",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Zoom Rooms Client for Windows",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Zoom VDI for Windows Meeting Clients",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0  may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges."
                }
              ],
              "value": "Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0  may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T19:32:54.852Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2023-34120",
        "datePublished": "2023-06-13T17:38:52.940Z",
        "dateReserved": "2023-05-25T22:01:29.098Z",
        "dateUpdated": "2025-01-02T20:10:14.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }