CVE-2023-34116
In short
The Zoom Desktop Client for Windows before version 5.15.0 fails to properly validate user input, which could allow an attacker on the network to gain elevated privileges on the system.
Technical detail
CWE-78 (OS Command Injection) via improper input validation in Zoom Desktop Client for Windows before 5.15.0 enables privilege escalation through network-accessible vectors. The attack requires network access but no prior authentication (PR:N in the CVSS vector); the same vector lists user interaction as required (UI:R). Successful exploitation grants elevated system privileges.
Summary generated and translated by AI from the official description.
Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H
Affected products
Zoom Video Communications, Inc. · Zoom Desktop Client for Windows