CVE-2023-36535

Published Aug 8, 2023

Last updated 2 months ago

CVSS medium 6.5

Overview

Description: Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
Source: security@zoom.us
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-Other
security@zoom.us: CWE-449

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A529300E-4547-4D4D-B2EB-762C4F107CD8",
            "versionEndExcluding": "5.14.10"
          },
          {
            "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42FCEAAC-A453-4EDA-90A9-A82A23D8F685",
            "versionEndExcluding": "5.14.10"
          },
          {
            "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "666607A8-8F43-4B14-9CA7-D851376D05B5",
            "versionEndExcluding": "5.14.10"
          },
          {
            "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F8E8291-00C6-49CA-AB93-5E9FD0868959",
            "versionEndExcluding": "5.14.10"
          },
          {
            "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1430CF6C-7A2B-4755-8AEC-95E706DA1F07",
            "versionEndExcluding": "5.14.10"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A66A1E5-9D2A-4533-B803-6C1B74C7AA5D",
            "versionEndExcluding": "5.14.10"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "516E7E40-A476-4277-8363-43FE4F748240",
            "versionEndExcluding": "5.14.10"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3674A229-D066-4C97-93C5-E30824B54742",
            "versionEndExcluding": "5.14.10"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B3D7B50-B13B-45D3-AE2C-7EBB1DE30FA4",
            "versionEndExcluding": "5.14.10"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2DE0D4A-F97E-41D3-9906-427BEFFBDB8F",
            "versionEndExcluding": "5.14.10"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References