CVE-2023-39213

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*

History

27 Sep 2024, 20:15

Type Values Removed Values Added
Summary (en) Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. (en) Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.
CWE CWE-176

15 Aug 2023, 15:30

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*
CWE CWE-74
References (MISC) https://explore.zoom.us/en/trust/security/security-bulletin/ - (MISC) https://explore.zoom.us/en/trust/security/security-bulletin/ - Vendor Advisory

08 Aug 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-08 22:15

Updated : 2024-09-27 20:15


NVD link : CVE-2023-39213

Mitre link : CVE-2023-39213

CVE.ORG link : CVE-2023-39213


JSON object : View

Products Affected

zoom

  • virtual_desktop_infrastructure
  • zoom
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-176

Improper Handling of Unicode Encoding