- 190/2023
- Critical
Zoom has released security updates to fix several vulnerabilities in Zoom Rooms, Zoom Windows Client, and Zoom Client SDK.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, obtain information, and escalate privileges on the affected systems.
Sample of the addressed vulnerabilities:
1. Zoom Rooms Improper Neutralization of Special Elements (CVE-2023-39213):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privileges
2. Zoom Desktop Exposure of Sensitive Information (CVE-2023-39214):
- CVSS: 7.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2023-36532
- CVE-2023-36533
- CVE-2023-36534
- CVE-2023-36535
- CVE-2023-36540
- CVE-2023-36541
- CVE-2023-39209
- CVE-2023-39210
- CVE-2023-39211
- CVE-2023-39212
- CVE-2023-39213
- CVE-2023-39214
- CVE-2023-39216
- CVE-2023-39217
- CVE-2023-39218
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.