CVE-2023-34120

EPSS 0.03%
Veröffentlicht 13.06.2023 18:15:21
Zuletzt bearbeitet 21.11.2024 08:06:35
Quelle security@zoom.us
CVE-Watchlists
Login
Unerledigt
Login

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0  may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zoom ≫ Virtual Desktop Infrastructure Version < 5.14.0

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@zoom.us	8.7	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://explore.zoom.us/en/trust/security/security-bulletin/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-34120

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-34120

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-34120

EUVD