CVE-2023-34120
Last modified
CVE-2023-34120 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.. EPSS estimates a 0.13% chance of exploitation in the next 30 days.
Description
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zoom | Virtual Desktop Infrastructure | < 5.14.0 |
References
- https://explore.zoom.us/en/trust/security/security-bulletin/Vendor Advisory
- https://explore.zoom.us/en/trust/security/security-bulletin/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-34120?
How severe is CVE-2023-34120?
How do I fix CVE-2023-34120?
Are you affected by CVE-2023-34120?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST