CVE-2023-36540

Summary

Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications, Inc.Zoom Desktop Client for Windowsbefore 5.14.5affected

Weaknesses

  • CWE-426: CWE-426: Untrusted Search Path

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References