Zoom Desktop Client Path Trv Auth Escalation via Net Access
CVE-2023-43586 Published on December 13, 2023

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

NVD

Vulnerability Analysis

CVE-2023-43586 is exploitable with network access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
HIGH
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

What is an Untrusted Path Vulnerability?

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

CVE-2023-43586 has been classified to as an Untrusted Path vulnerability or weakness.


Products Associated with CVE-2023-43586

Want to know whenever a new CVE is published for Zoom products? stack.watch will email you.

Zoom Meeting Software Development Kit
 
Zoom Video Software Development Kit
 
Zoom Virtual Desktop Infrastructure
 
Zoom
 

Affected Versions

Zoom Video Communications, Inc. Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows Version See references is affected by CVE-2023-43586

Exploit Probability

EPSS
0.08%
Percentile
22.71%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.