CVE-2023-34120

Summary

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications, Inc.Zoom for Windows Clientbefore 5.14.0affected
Zoom Video Communications, Inc.Zoom Rooms Client for Windowsbefore 5.14.0affected
Zoom Video Communications, Inc.Zoom VDI for Windows Meeting Clientsbefore 5.14.0affected

Weaknesses

  • CWE-347: CWE-347 Improper Verification of Cryptographic Signature

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References