Vulnerability · NVD

CVE-2023-39211

HIGH 8.8 Published on 2023-08-08

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.

Attack vector : Local No user interaction

Show raw CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS 0.03% exploit very unlikely percentile 10.4%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Zoom Workplace Windows winget:Zoom.Zoom

Affected <5.15.5 Fixed in 5.15.5 Latest tracked 7.0.38856 patched

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
zoom	zoom Windows	Windows	<5.15.5	cpe:2.3:a:zoom:zoom::::::windows::*

View on NVD ↗