CVE-2023-34121
4.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Summary
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom for Windows | before 5.14.0 | affected |
| Zoom Video Communications, Inc. | Zoom Rooms Client for Windows | before 5.14.0 | affected |
| ZoomZoom Video Communications, Inc. | Zoom VDI for Windows Meeting Clients | before 5.14.0 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.