CVE-2023-34114

CVSS 7.4 HIGHEPSS 1.0%CWE-668

In short

Zoom clients for Windows and macOS before version 5.14.10 expose internal resources that can be accessed over the network by authenticated users, potentially leaking sensitive information.

Technical detail

An authenticated attacker can access resources intended for local-only use due to improper sphere isolation in Zoom clients (Windows/macOS <5.14.10). The vulnerability requires network access and valid authentication credentials, enabling information disclosure through exposure of resources to an incorrect security boundary (CWE-668).

Summary generated and translated by AI from the official description.

Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected products

Zoom Video Communications, Inc. · Zoom for MacOS Client Zoom Video Communications, Inc. · Zoom for Windows Client

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://explore.zoom.us/en/trust/security/security-bulletin/