CVE-2023-28602

Summary

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications, Inc.Zoom for Windows Clientbefore 5.13.5affected

Weaknesses

  • CWE-347: CWE-347 Improper Verification of Cryptographic Signature

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References