CVE-2023-28600

EPSS 0.06%
Veröffentlicht 13.06.2023 18:15:21
Zuletzt bearbeitet 21.11.2024 07:55:38
Quelle security@zoom.us
Teams Watchlist Login
Unerledigt Login

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability.  A malicious user may be able to delete/replace Zoom Client files potentially causing  a loss of integrity and availability to the Zoom Client.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zoom ≫ Zoom SwPlatformmacos Version < 5.14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.175

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
security@zoom.us	5.2	1	3.7	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE-378 Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

https://explore.zoom.us/en/trust/security/security-bulletin/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-28600

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28600

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28600

EUVD