Attackers can target Zoom applications and, for example, elevate their privileges. Affected are Zoom Clients, Zoom Desktop Client for Windows, Zoom Client SDK, Zoom Rooms for Windows, Zoom SDK and Zoom VDI Client. Security updates are available for download.
Zoom's developers have published details of the vulnerabilities in the security section of their website. The most dangerous is a “critical” vulnerability (CVE-2023-39213) in Zoom Desktop Client for Windows and Zoom VDI Client.
By means that are not described in detail, an attacker is said to be able to escalate privileges via network access without authentication. The developers state that they closed this vulnerability in version 5.15.2. They closed similar vulnerabilities (CVE-2023-39216 “critical”, CVE-2023-36543 “critical”) in version 5.14.7.
Exploiting other vulnerabilities in Rooms for Windows (CVE-2023-39212 “high”) could trigger a DoS condition. Attackers may also be able to access information in the Zoom Client SDK for Windows that should be protected (CVE-2023-39210 “medium”). In total, the developers have fixed 15 security issues in current versions.