CVE-2023-43586

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*

History

21 Nov 2024, 08:24

Type Values Removed Values Added
References () https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/ - Vendor Advisory () https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/ - Vendor Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.3

18 Dec 2023, 19:20

Type Values Removed Values Added
References () https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/ - () https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/ - Vendor Advisory
CVSS v2 : unknown
v3 : 7.3
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
CWE CWE-22
First Time Zoom video Software Development Kit
Zoom virtual Desktop Infrastructure
Zoom
Zoom zoom
Zoom meeting Software Development Kit

14 Dec 2023, 13:52

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-13 23:15

Updated : 2024-11-21 08:24


NVD link : CVE-2023-43586

Mitre link : CVE-2023-43586

CVE.ORG link : CVE-2023-43586


JSON object : View

Products Affected

zoom

  • zoom
  • meeting_software_development_kit
  • virtual_desktop_infrastructure
  • video_software_development_kit
CWE
CWE-426

Untrusted Search Path

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')