CVE-2023-28600

EPSS 0.06%
Published 13.06.2023 18:15:21
Last modified 21.11.2024 07:55:38
Source security@zoom.us
Teams watchlist Login
Open Login

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability.  A malicious user may be able to delete/replace Zoom Client files potentially causing  a loss of integrity and availability to the Zoom Client.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zoom ≫ Zoom SwPlatformmacos Version < 5.14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.175

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
security@zoom.us	5.2	1	3.7	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE-378 Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

https://explore.zoom.us/en/trust/security/security-bulletin/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-28600

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28600

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28600

EUVD