Severity

Medium

Analysis Summary

CVE-2023-39202 CVSS:3.1

Zoom Rooms Client for Windows and Zoom VDI Client are vulnerable to a denial of service, caused by an untrusted search path. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-39203 CVSS:4.3

Zoom Desktop Client for Windows and Zoom VDI Client are vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-39204 CVSS:5.3

Zoom clients are vulnerable to a denial of service, caused by a buffer overflow flaw. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-39205 CVSS:4.3

Zoom clients are vulnerable to a denial of service, caused by an improper conditions check. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-39206 CVSS:3.7

Zoom clients are vulnerable to a denial of service, caused by a buffer overflow flaw. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-39199 CVSS:4.9

Zoom clients could allow a remote authenticated attacker to obtain sensitive information, caused by cryptographic issues with In-Meeting Chat. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-43588 CVSS:3.5

Zoom clients could allow a remote authenticated attacker to obtain sensitive information, caused by insufficient control flow management. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2023-43590 CVSS:7.8

Zoom Rooms for macOS could allow a local authenticated attacker to gain elevated privileges on the system, caused by link following. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-43591 CVSS:7.8

Zoom Rooms for macOS could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-43582 CVSS:5.5

Zoom clients could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authorization. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

Impact

  • Denial of Service
  • Privilege Escalation
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-39202
  • CVE-2023-39203
  • CVE-2023-39204
  • CVE-2023-39205
  • CVE-2023-39206
  • CVE-2023-39199
  • CVE-2023-43588
  • CVE-2023-43590
  • CVE-2023-43591
  • CVE-2023-43582

Affected Vendors

Zoom

Affected Products

  • Zoom Desktop Client for Windows
  • Zoom Desktop Client for macOS
  • Zoom Mobile App for iOS
  • Zoom Mobile App for Android
  • Zoom Desktop Client for Linux
  • Zoom Rooms Client for Windows
  • Zoom Rooms Client for macOS
  • Zoom Rooms Client for Android
  • Zoom Rooms Client for iPad
  • Zoom VDI Client
  • Zoom Meeting SDK for Windows
  • Zoom Meeting SDK for iOS
  • Zoom Meeting SDK for Android
  • Zoom Meeting SDK for macOS
  • Zoom Meeting SDK for Linux
  • Zoom Room for macOS
  • Zoom Room for Windows
  • Zoom Rooms for macOS 5.14.9

Remediation

Refer to the Zoom Security Advisory for patch, upgrade, or suggested workaround information.

Zoom Security Advisory