Zoom has released security patches for 6 high and 1 low severity vulnerabilities, allowing threat actors to escalate privileges and disclose sensitive information.
The CVSS Score of these vulnerabilities ranges between 3.3 (low) and 8.4 (High).
CVE(s):
Title CVE ID Severity Improper Access ControlCVE-2023-36538HighImproper Privilege ManagementCVE-2023-36537HighUntrusted Search PathCVE-2023-36536HighInsecure Temporary FileCVE-2023-34119HighImproper Privilege ManagementCVE-2023-34118HighRelative Path TraversalCVE-2023-34117LowImproper Input ValidationCVE-2023-34116High
High Severity Vulnerabilities
CVE-2023-36538: Improper access control leads to privilege escalation in Zoom rooms
This vulnerability exists due to improper access control on Zoom rooms in Zoom versions lower than 5.15.0, allowing an authenticated user to escalate privileges via local access.
CVE-2023-36536: Untrusted search path leads to privilege escalation
This vulnerability exists due to an untrusted search path in the installer of Zoom rooms prior to version 5.15.0 which allows an authenticated user to escalate privileges via local access.
CVE-2023-34119: Insecure temporary file leads to privilege escalation
This vulnerability exists due to an insecure file on the installer of Zoom rooms versions prior to 5.15.0, allowing an authenticated user to escalate privileges via local access.
CVE-2023-34116: Improper input validation in Zoom leads to privilege escalation
This vulnerability exists due to improper input validation in Zoom Desktop for Windows versions prior to 5.15.0, allowing an authenticated user to escalate privileges via local access.
The vulnerabilities are discovered and reported to Zoom by sim0nsecurity.
The above-mentioned are four of the highest-severity vulnerabilities that have been fixed by Zoom and necessary patches have been released.
For more information on the patches, Zoom has released a security advisoryfor these vulnerabilities. Users are recommended to upgrade their Zoom versions to fix these vulnerabilities.
