Zoom Client <5.14.10: Authenticated users can trigger info disclosure
CVE-2023-36535 Published on August 8, 2023

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

NVD

Vulnerability Analysis

CVE-2023-36535 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

LOW

Weakness Type

The UI Performs the Wrong Action

The UI performs the wrong action with respect to the user's request.

Products Associated with CVE-2023-36535

Want to know whenever a new CVE is published for Zoom products? stack.watch will email you.

Zoom

Zoom Virtual Desktop Infrastructure

Zoom Rooms

Affected Versions

Zoom Video Communications, Inc. Zoom Clients Version before 5.14.10 is affected by CVE-2023-36535

Exploit Probability

EPSS

0.17%

Percentile

38.71%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.