CVE-2023-43586

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*

History

18 Dec 2023, 19:20

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References () https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/ - () https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/ - Vendor Advisory
CWE CWE-22
CPE cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*

13 Dec 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-13 23:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-43586

Mitre link : CVE-2023-43586

CVE.ORG link : CVE-2023-43586


JSON object : View

Products Affected

zoom

  • virtual_desktop_infrastructure
  • video_software_development_kit
  • zoom
  • meeting_software_development_kit
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-426

Untrusted Search Path