Vulnerability · NVD

CVE-2023-49647

HIGH 8.8 Published on 2024-01-12

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Attack vector : Local No user interaction

Show raw CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS 0.03% exploit very unlikely percentile 8.6%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Zoom Workplace Windows winget:Zoom.Zoom

Affected <5.16.10 Fixed in 5.16.10 Latest tracked 7.0.38856 patched

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
zoom	zoom Windows	Windows	<5.16.10	cpe:2.3:a:zoom:zoom::::::windows::*

View on NVD ↗