CVE-2023-34121

Summary

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications, Inc.Zoom for Windowsbefore 5.14.0affected
Zoom Video Communications, Inc.Zoom Rooms Client for Windowsbefore 5.14.0affected
ZoomZoom Video Communications, Inc.Zoom VDI for Windows Meeting Clientsbefore 5.14.0affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References