CVE-2023-39214

Published Aug 8, 2023

Last updated 2 months ago

CVSS high 8.1

Overview

Description: Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
Source: security@zoom.us
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-668
security@zoom.us: CWE-749

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C993CD54-5D54-4979-84A7-E1B6AC13391C",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F20636D4-1E23-4703-9574-7E68DB9F6CF4",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D48D7F93-C36E-49EC-9767-EC9604750FE7",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7F7B4F1-B1C5-43FB-A41B-302675CE7DBD",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6098D0DF-2760-44A3-88C3-F120EA4F9771",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6ADE88B6-FFDF-40CF-A262-41906B97669C",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AE37FB8-AB87-4FCC-9D7A-375418FEE1A1",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DE837CD-CC55-4910-83B8-7295E544113A",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F58270-1E18-4FF9-BABA-895F7018D514",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB104E47-F37D-4B3D-8530-B87893D3AD90",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB71D63A-ECCB-4371-B1E3-25BF96E5D84E",
            "versionEndExcluding": "5.15.5"
          },
          {
            "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61B77771-BBE7-49A8-82C4-0DC27D3D0E97",
            "versionEndExcluding": "5.15.5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References