CVE-2023-34121

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*

History

19 Sep 2024, 20:15

Type Values Removed Values Added
Summary (en) Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. (en) Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
CWE CWE-20 CWE-79

21 Jun 2023, 20:54

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://explore.zoom.us/en/trust/security/security-bulletin/ - (MISC) https://explore.zoom.us/en/trust/security/security-bulletin/ - Vendor Advisory
First Time Zoom rooms
Zoom zoom
Microsoft
Zoom virtual Desktop Infrastructure
Zoom
Microsoft windows

13 Jun 2023, 18:27

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-13 18:15

Updated : 2024-09-19 20:15


NVD link : CVE-2023-34121

Mitre link : CVE-2023-34121

CVE.ORG link : CVE-2023-34121


JSON object : View

Products Affected

zoom

  • zoom
  • rooms
  • virtual_desktop_infrastructure

microsoft

  • windows
CWE
NVD-CWE-noinfo CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')