7.5
CVE-2023-36539
- EPSS 0.44%
- Veröffentlicht 30.06.2023 03:15:09
- Zuletzt bearbeitet 21.11.2024 08:09:53
- Quelle security@zoom.us
- CVE-Watchlists
- Unerledigt
LoginExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zoom ≫ Video Software Development Kit Version1.8.0
Zoom ≫ Poly Ccx 700 Firmware Version5.15.0
Zoom ≫ Poly Ccx 600 Firmware Version5.15.0
Zoom ≫ Yealink Vp59 Firmware Version5.15.0
Zoom ≫ Yealink Mp54 Firmware Version5.15.0
Zoom ≫ Yealink Mp56 Firmware Version5.15.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.352 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@zoom.us | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-325 Missing Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://explore.zoom.us/en/trust/security/security-bulletin/