CVE-2023-43586

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*

History

18 Dec 2023, 19:20

Type Values Removed Values Added
CPE cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*
CWE CWE-22
References () https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/ - () https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/ - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Zoom zoom
Zoom
Zoom virtual Desktop Infrastructure
Zoom video Software Development Kit
Zoom meeting Software Development Kit

14 Dec 2023, 13:52

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-13 23:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-43586

Mitre link : CVE-2023-43586

CVE.ORG link : CVE-2023-43586


JSON object : View

Products Affected

zoom

  • video_software_development_kit
  • zoom
  • virtual_desktop_infrastructure
  • meeting_software_development_kit
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-426

Untrusted Search Path