Lucene search

ZoomCVELIST:CVE-2023-34114

HistoryJun 13, 2023 - 6:37 p.m.

CVE-2023-34114

2023-06-1318:37:22

CWE-668

Zoom

www.cve.org

zoom

information disclosure

network access

cve-2023-34114

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zoom for Windows Client",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before  5.14.10"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Zoom for MacOS Client",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.14.10"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

Related for CVELIST:CVE-2023-34114