Zoom iOS Mobile App SDK Improper Access Control before 5.16.5
CVE-2023-43585 Published on December 13, 2023

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.

NVD

Vulnerability Analysis

CVE-2023-43585 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

LOW

Weakness Type

The UI Performs the Wrong Action

The UI performs the wrong action with respect to the user's request.

Products Associated with CVE-2023-43585

Want to know whenever a new CVE is published for Zoom products? stack.watch will email you.

Zoom Meeting Software Development Kit

Zoom Video Software Development Kit

Zoom

Affected Versions

Zoom Video Communications, Inc. Zoom Mobile App for iOS and SDKs for iOS Version before 5.16.0 is affected by CVE-2023-43585

Exploit Probability

EPSS

0.13%

Percentile

32.15%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.