CVE-2023-39213

EPSS 1.11%
Published 08.08.2023 22:15:10
Last modified 21.11.2024 08:14:55
Source security@zoom.us
Teams watchlist Login
Open Login

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Zoom ≫ Virtual Desktop Infrastructure Version < 5.15.2

Zoom ≫ Zoom SwPlatformwindows Version < 5.15.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.11%	0.769

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@zoom.us	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-176 Improper Handling of Unicode Encoding

The product does not properly handle when an input contains Unicode encoding.

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

https://explore.zoom.us/en/trust/security/security-bulletin/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-39213

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-39213

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-39213

EUVD