CVE-2023-39203

2023-11-1423:15:08

CWE-789

Zoom

web.nvd.nist.gov

zoom

team chat

desktop client

windows

vdi client

uncontrolled resource consumption

cve-2023-39203

information disclosure

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

20.5%

JSON

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access.

Affected configurations

Nvd

Node

zoomvirtual_desktop_infrastructureRange<5.14.13

zoomvirtual_desktop_infrastructureRange5.15.0–5.15.11

zoomzoomRange<5.16.0windows

VendorProductVersionCPE
zoomvirtual_desktop_infrastructure*cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
zoomzoom*cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
zoom	virtual_desktop_infrastructure	*	cpe:2.3:a:zoom:virtual_desktop_infrastructure::::::::
zoom	zoom	*	cpe:2.3:a:zoom:zoom::::::windows::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Zoom Rooms Client for Windows and Zoom VDI Client",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "see references"
      }
    ]
  }
]