CVE Published: 13/06/2023 |
CVE Updated: 19/09/2024 |
CVE Year: 2023 Source: Zoom |
Vendor: Zoom Video Communications, Inc. |
Product: Zoom for macOS Client Status : PUBLISHED
CVE-2023-28600 Description
Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.
Metrics
CVSS Version: 3.1 |
Base Score: 5.2 MEDIUM Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* NONE User Interaction (UI)* REQUIRED Scope (S)* CHANGED