CVE-2023-43586

CVSS 7.3 HIGH · EPSS 1.0% · CWE-426

In short

A flaw in Zoom's Windows clients and SDKs allows a logged-in user to access files or folders outside the intended directory by manipulating file paths, potentially gaining unauthorized access or elevated permissions.

Technical detail

Path traversal vulnerability (CWE-426) in Zoom Desktop Client, VDI Client, and SDKs for Windows enables privilege escalation when an authenticated user supplies specially crafted file paths via network communication. The vulnerability requires prior authentication and allows circumvention of directory restrictions to access sensitive resources.

Summary generated and translated by AI from the official description.
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
