Zoom Security Flaws let Attackers Escalate Privileges

Zoom has released security patches for 6 high and 1 low severity vulnerabilities that allow threat actors to escalate privileges and disclose sensitive information.

The CVSS scores of these vulnerabilities range between 3.3 (Low) and 8.4 (High).

CVE(s):

| Title | CVE ID | Severity |
|---|---|---|
| Improper Access Control | CVE-2023-36538 | High |
| Improper Privilege Management | CVE-2023-36537 | High |
| Untrusted Search Path | CVE-2023-36536 | High |
| Insecure Temporary File | CVE-2023-34119 | High |
| Improper Privilege Management | CVE-2023-34118 | High |
| Relative Path Traversal | CVE-2023-34117 | Low |
| Improper Input Validation | CVE-2023-34116 | High |

High Severity Vulnerabilities

CVE-2023-36538: Improper access control leads to privilege escalation in Zoom Rooms

This vulnerability exists due to improper access control in Zoom Rooms in Zoom versions lower than 5.15.0, allowing an authenticated user to escalate privileges via local access.

CVE-2023-36536: Untrusted search path leads to privilege escalation

This vulnerability exists due to an untrusted search path in the installer of Zoom Rooms prior to version 5.15.0, which allows an authenticated user to escalate privileges via local access.

CVE-2023-34119: Insecure temporary file leads to privilege escalation

This vulnerability exists due to an insecure temporary file in the installer of Zoom Rooms versions prior to 5.15.0, allowing an authenticated user to escalate privileges via local access.

CVE-2023-34116: Improper input validation in Zoom leads to privilege escalation

This vulnerability exists due to improper input validation in Zoom Desktop for Windows versions prior to 5.15.0, allowing an authenticated user to escalate privileges via local access.

The vulnerabilities were discovered and reported to Zoom by sim0nsecurity.

The vulnerabilities described above are four of the highest-severity issues fixed by Zoom, and the necessary patches have been released.

For more information on the patches, Zoom has released a security advisory for these vulnerabilities. Users are advised to upgrade their Zoom versions to fix these vulnerabilities.
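To act on the upgrade advice across a fleet, the following added example (not from Zoom or the original article) triages a software inventory against the 5.15.0 fix version and the four CVEs described above. The CSV layout, host names and version strings are constructed for illustration; the two CVEs the article lists without a product description are left out of the mapping.

```python
import csv
import io
import re

FIXED = (5, 15, 0)  # first fixed version named in the article

# Product -> CVEs the article ties to that product (versions before 5.15.0).
AFFECTED = {
    "zoom rooms": ["CVE-2023-36538", "CVE-2023-36536", "CVE-2023-34119"],
    "zoom desktop for windows": ["CVE-2023-34116"],
}

def parse_version(text):
    """Return (major, minor, patch) from strings like '5.14.10 (17221)' or '5.15.0.18551'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(inventory_csv):
    """Map each host to the CVEs still open on it; unparseable versions need manual review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        cves = AFFECTED.get(row["product"].strip().lower())
        if cves is None:
            continue  # product not covered by the article's descriptions
        version = parse_version(row["version"])
        if version is None:
            findings[row["host"]] = ["UNKNOWN-VERSION"]
        elif version < FIXED:  # numeric tuple compare, so 5.9.3 sorts before 5.15.0
            findings[row["host"]] = list(cves)
    return findings

# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE = """host,product,version
room-01,Zoom Rooms,5.14.5 (2778)
room-02,Zoom Rooms,5.15.0 (3000)
desk-07,Zoom Desktop for Windows,5.9.3
desk-08,Zoom Desktop for Windows,5.15.2.18096
desk-09,Zoom Desktop for Windows,unknown
"""

if __name__ == "__main__":
    for host, cves in triage(SAMPLE).items():
        print(host, ", ".join(cves))
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 5.9.3 above 5.15.0 and miss that host.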

Source: https://cybersecuritynews.com/zoom-security-flaws/
