CVE Published: 13/12/2023
CVE Updated: 02/08/2024
CVE Year: 2023
Source: Zoom
Vendor: Zoom Video Communications, Inc.
Product: Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows
Status: PUBLISHED
CVE-2023-43586 Description
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
Metrics
CVSS Version: 3.1
Base Score: 7.3 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Exploitability Metrics: Attack Vector (AV): NETWORK; Attack Complexity (AC): HIGH; Privileges Required (PR): HIGH; User Interaction (UI): REQUIRED; Scope (S): CHANGED
Impact Metrics: Confidentiality Impact (C): HIGH; Integrity Impact (I): HIGH; Availability Impact (A): NONE
Weakness Enumeration (CWE)
CWE-ID: CWE-426
CWE Name: CWE-426 Untrusted Search Path
Source: Zoom Video Communications, Inc.
Common Attack Pattern Enumeration and Classification (CAPEC)