CVE-2023-39214

CVSS 7.6 HIGHEPSS 0.8%CWE-749

In short

Zoom Client SDK versions before 5.15.5 contain a flaw that exposes sensitive information and can allow an authenticated user to crash or disrupt the service through network access.

Technical detail

CWE-749 vulnerability in Zoom Client SDK <5.15.5 permits authenticated attackers to trigger a denial of service condition via network-based attack vector, leveraging exposed sensitive information. Requires valid authentication credentials; impact includes service disruption.

Summary generated and translated by AI from the official description.

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Affected products

Zoom Video Communications, Inc. · Zoom SDK's

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://explore.zoom.us/en/trust/security/security-bulletin/