Zoom Client Info Disclosure via Insufficient Control Flow (Auth)
CVE-2023-43588 Published on November 15, 2023

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

NVD

Vulnerability Analysis

CVE-2023-43588 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

The UI Performs the Wrong Action

The UI performs the wrong action with respect to the user's request.

Products Associated with CVE-2023-43588

Want to know whenever a new CVE is published for Zoom products? stack.watch will email you.

Zoom Meetings

Zoom Virtual Desktop Infrastructure

Zoom

Affected Versions

Zoom Video Communications, Inc. Zoom Clients Version see references is affected by CVE-2023-43588

Exploit Probability

EPSS

0.27%

Percentile

49.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.