Zoom Vulnerabilities Allow Attackers to Escalate Privileges – Source: heimdalsecurity.com

Source: heimdalsecurity.com – Author: Mihaela Marian

Zoom has released patches for six high-severity vulnerabilities and one low-severity vulnerability. Left unpatched, these flaws would allow threat actors to escalate privileges and gain access to sensitive data.

The vulnerabilities were assigned CVSS Scores ranging from 3.3 (low) to 8.4 (high).

Zoom Vulnerabilities

CVEs Overview

High Severity Vulnerabilities

The high-severity vulnerabilities are as follows:

  1. CVE-2023-36538: This vulnerability involved improper access control in Zoom Rooms, affecting versions older than 5.15.0. It allowed an authenticated user to escalate privileges locally.
  2. CVE-2023-36537: This vulnerability involved improper privilege management in Zoom, impacting versions prior to 5.15.0. It could also lead to privilege escalation.
  3. CVE-2023-36536: This vulnerability stemmed from an untrusted search path in the installer of Zoom Rooms before version 5.15.0.
  4. CVE-2023-34119: This vulnerability arose from the presence of insecure temporary files in Zoom Rooms versions preceding 5.15.0.

In addition to these high-severity vulnerabilities, there was one low-severity CVE:

  • CVE-2023-34117: This vulnerability involved relative path traversal in Zoom Desktop for Windows versions prior to 5.15.0. Although it was classified as low severity, it still posed a risk.

Zoom promptly addressed these issues by fixing the vulnerabilities and releasing the necessary patches. Users are strongly advised to upgrade their Zoom software to version 5.15.0 or later in order to eliminate these vulnerabilities and stay clear of the risks they pose.

Original Post URL: https://heimdalsecurity.com/blog/zoom-vulnerabilities/

Category & Tags: Cybersecurity News – Cybersecurity News
