
CVE-2023-28597 Improper trust boundary implementation for SMB in Zoom Clients

2023-03-27 00:00:00
CWE-501
Zoom
www.cve.org
Tags: cve-2023-28597, zoom clients, smb, trust boundary, vulnerability, remote code execution

CVSS3: 8.3

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.001
Percentile: 40.2%

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user’s device and data, and remote code execution.

CNA Affected

[
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom (for Android, iOS, Linux, macOS, and Windows)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.13.5",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom Rooms (for Android, iOS, Linux, macOS, and Windows)",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.13.5",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom VDI for Windows",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.13.10",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
