Vulnerability · NVD

CVE-2023-43586

HIGH 7.3 Published on 2023-12-13

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

Attack vector : Network

Show raw CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

EPSS 0.08% exploit very unlikely percentile 22.9%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Zoom Workplace Windows winget:Zoom.Zoom

Affected <5.16.5 Fixed in 5.16.5 Latest tracked 7.0.38856 patched

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
zoom	zoom Windows	Windows	<5.16.5	cpe:2.3:a:zoom:zoom::::::windows::*

View on NVD ↗