Vulnerability · NVD

CVE-2023-39213

CRITICAL 9.6 Published on 2023-08-08

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.

Attack vector : Network No privileges required

Show raw CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS 1.16% above median percentile 78.9%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Zoom Workplace Windows winget:Zoom.Zoom

Affected <5.15.2 Fixed in 5.15.2 Latest tracked 7.0.38856 patched

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
zoom	zoom Windows	Windows	<5.15.2	cpe:2.3:a:zoom:zoom::::::windows::*

View on NVD ↗