- 137/2023
- High
Zoom has released security updates to address several vulnerabilities in Windows, MacOS, and Linux.
The addressed vulnerabilities could allow the attacker to cause a denial of service, gain privileges, bypass security restrictions, obtain information, and perform cross-site scripting on the affected systems.
Sample of the addressed vulnerabilities:
1. Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows Clients Privilege Escalation (CVE-2023-34120):
- CVSS: 8.7
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Zoom for Windows and MacOS Clients Information Disclosure Vulnerability (CVE-2023-34114):
- CVSS: 8.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Sample of the affected products:
- Zoom for Windows, MacOS, and Linux before versions 5.14.0 and 5.13.5.
- Zoom Rooms client for Windows, MacOS, and Linux before versions 5.14.0, and 5.13.5.
- Zoom Client for Meetings for IT Admin Windows installers before version 5.13.5.
Vulnerabilities
- CVE-2023-34115
- CVE-2023-34114
- CVE-2023-34113
- CVE-2023-34122
- CVE-2023-34121
- CVE-2023-34120
- CVE-2023-28603
- CVE-2023-28602
- CVE-2023-28601
- CVE-2023-28600
- CVE-2023-28599
- CVE-2023-28598
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.