Severity
Medium
Analysis Summary
CVE-2023-39201 CVSS:7.2
Zoom CleanZoom could allow a local authenticated attacker to gain elevated privileges on the system, caused by untrusted search path. An attacker could exploit this vulnerability to escalate privileges.
CVE-2023-39208 CVSS:6.5
Zoom Desktop Client for Linux is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-39215 CVSS:7.1
Zoom clients are vulnerable to a denial of service, caused by improper authentication. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Privilege Escalation
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-39201
- CVE-2023-39208
- CVE-2023-39215
Affected Vendors
Zoom
Affected Products
- Zoom CleanZoom
- Zoom Desktop Client for Linux 5.15.9
- Zoom Desktop for Windows 5.15.4
- Zoom Mobile App for iOS 5.14.4
- Zoom Desktop Client for macOS 5.15.4
- Zoom VDI Client 5.14.11
- Zoom VDI Client 5.15.3
- Zoom Meeting SDKs 5.15.4
Remediation
efer to Zoom Security Advisory for patch, upgrade or suggested workaround information.