- 299/2023
- High
Zoom has released security updates to fix several vulnerabilities in multiple products such as Zoom Clients, Zoom Rooms for macOS, Zoom Desktop Client for Windows, and Zoom VDI Client.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, trigger denial of service attacks, or gain elevated privileges on the affected system by sending a specially crafted request.
Sample of the addressed vulnerabilities:
1. Zoom Rooms for macOS Privilege Escalation Vulnerability (CVE-2023-43590):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Zoom clients Denial of Service Vulnerability (CVE-2023-39204):
- CVSS: 5.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2023-43582
- CVE-2023-43591
- CVE-2023-43590
- CVE-2023-43588
- CVE-2023-39199
- CVE-2023-39206
- CVE-2023-39205
- CVE-2023-39204
- CVE-2023-39203
- CVE-2023-39202
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.