Severity
Medium
Analysis Summary
CVE-2023-43586 CVSS:7.3
Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-49646 CVSS:5.4
Zoom Clients is vulnerable to a denial of service, caused by improper authentication. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-43583 CVSS:4.9
Zoom Mobile App for Android, Zoom Mobile App for iOS and Zoom SDKs could allow a remote authenticated attacker to obtain sensitive information, caused by cryptographic issue. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-43585 CVSS:7.1
Zoom Mobile App for iOS and SDKs for iOS could allow a remote authenticated attacker to obtain sensitive information, caused by improper access control. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Denial of Service
- Privileges Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-43586
- CVE-2023-49646
- CVE-2023-43583
- CVE-2023-43585
Affected Vendors
Zoom
Affected Products
- Zoom VDI Client 5.15.3
- Zoom Meeting SDK for iOS
- Zoom Meeting SDK for Android
- Zoom SDKs 5.16.4
- Zoom VDI Client 5.16.4
- Zoom Video SDK
- Zoom Desktop Client for Windows 5.16.4
- Zoom Desktop Client for macOS 5.16.4
- Zoom Meeting SDK for Windows 5.16.4
- Zoom Video SDK for Windows 5.16.4
- Zoom Mobile App for iOS 5.16.4
- Zoom Desktop Client for Linux 5.16.4
- Zoom Mobile App for Android 5.15.4
- Zoom Mobile App for iOS 5.15.4
- Zoom Video SDK for iOS 5.16.4
- Zoom Meeting SDK for iOS 5.16.4
Remediation
Refer to Zoom Security Advisory for patch, upgrade, or suggested workaround information.