CVE-2023-28596
First published: Mon Mar 27 2023(Updated: )
Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meetings | <5.13.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28596?
CVE-2023-28596 is a local privilege escalation vulnerability in Zoom Client for IT Admin macOS installers before version 5.13.5.
How severe is CVE-2023-28596?
CVE-2023-28596 has a severity rating of 7.8 (high).
How does CVE-2023-28596 affect Zoom Meetings?
CVE-2023-28596 affects Zoom Meetings version up to and exclusive of 5.13.5 on iPhone OS.
How can a local low-privileged user exploit CVE-2023-28596?
A local low-privileged user can exploit CVE-2023-28596 during the installation process of Zoom Client for IT Admin macOS to escalate their privileges to root.
Where can I find more information about CVE-2023-28596?
You can find more information about CVE-2023-28596 in the security bulletin on the official Zoom website: [link](https://explore.zoom.us/en/trust/security/security-bulletin/)
- collector/nvd-index
- vendor/zoom
- canonical/zoom meetings