Zoom Client SDK v<5.15.5 Info Disclosure & DoS via Network (CVE-2023-39214)
CVE-2023-39214 Published on August 8, 2023

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.

NVD

Vulnerability Analysis

CVE-2023-39214 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

HIGH

Weakness Type

Exposed Dangerous Method or Function

The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

Products Associated with CVE-2023-39214

Want to know whenever a new CVE is published for Zoom products? stack.watch will email you.

Zoom Meeting Software Development Kit

Zoom Rooms

Zoom

Affected Versions

Zoom Video Communications, Inc. Zoom SDK's Version before 5.15.5 is affected by CVE-2023-39214

Exploit Probability

EPSS

0.32%

Percentile

55.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.