Heimdal

Zoom has released patches for six high-severity vulnerabilities and one low-severity vulnerability. Left unpatched, these flaws would allow threat actors to escalate privileges and gain access to sensitive data.

The vulnerabilities were assigned CVSS scores ranging from 3.3 (low) to 8.4 (high).

Zoom Vulnerabilities

CVEs Overview

| Title | CVE ID | Severity |
|---|---|---|
| Improper Access Control | CVE-2023-36538 | High |
| Improper Privilege Management | CVE-2023-36537 | High |
| Untrusted Search Path | CVE-2023-36536 | High |
| Insecure Temporary File | CVE-2023-34119 | High |
| Improper Privilege Management | CVE-2023-34118 | High |
| Relative Path Traversal | CVE-2023-34117 | Low |
| Improper Input Validation | CVE-2023-34116 | High |

High Severity Vulnerabilities

The high-severity vulnerabilities include:

  1. CVE-2023-36538: This vulnerability involved improper access control in Zoom Rooms, affecting versions older than 5.15.0. It allowed an authenticated user to escalate privileges locally.
  2. CVE-2023-36537: This vulnerability involved improper privilege management in Zoom, impacting versions prior to 5.15.0. It could also lead to privilege escalation.
  3. CVE-2023-36536: This vulnerability stemmed from an untrusted search path in the installer of Zoom Rooms before version 5.15.0.
  4. CVE-2023-34119: This vulnerability arose from the presence of insecure temporary files in Zoom Rooms versions preceding 5.15.0.

In addition to these high-severity vulnerabilities, there was one low-severity CVE:

  • CVE-2023-34117: This vulnerability involved relative path traversal in Zoom Desktop for Windows versions prior to 5.15.0. Although it was classified as low severity, it still posed a risk.

Zoom promptly addressed these issues by fixing the vulnerabilities and releasing the necessary patches. Users are strongly advised to upgrade their Zoom software to version 5.15.0 or later to eliminate these vulnerabilities and steer clear of the risks they pose.


Author Profile

Mihaela Popa

COMMUNICATIONS & PR OFFICER

Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.
