What is the vulnerability ID for this Zoom vulnerability?

The vulnerability ID for this Zoom vulnerability is CVE-2023-28597.

What is the severity of CVE-2023-28597?

The severity of CVE-2023-28597 is high with a severity value of 7.5.

Which Zoom clients are affected by CVE-2023-28597?

Zoom clients prior to version 5.13.5 are affected by CVE-2023-28597.

Where can I find more information about CVE-2023-28597?

You can find more information about CVE-2023-28597 on the Zoom security bulletin page: https://explore.zoom.us/en/trust/security/security-bulletin/

Vulnerability/
CVE-2023-28597

high

8.3

CWE

501

27/3/2023

3/4/2023

CVE-2023-28597

First published: Mon Mar 27 2023(Updated: )

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.

Credit: security@zoom.us

Affected Software	Affected Version	How to fix
Zoom Rooms	<5.13.5
Zoom Rooms	<5.13.5
Zoom Rooms	<5.13.5
Zoom Rooms	<5.13.5
Zoom Rooms	<5.13.5
Zoom Zoom	<5.13.5
Zoom Zoom	<5.13.5
Zoom Zoom	<5.13.5
Zoom Zoom	<5.13.5
Zoom Zoom	<5.13.5
Zoom Virtual Desktop Infrastructure	<5.13.10
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

https://explore.zoom.us/en/trust/security/security-bulletin/

Frequently Asked Questions

What is the vulnerability ID for this Zoom vulnerability?
The vulnerability ID for this Zoom vulnerability is CVE-2023-28597.
What is the severity of CVE-2023-28597?
The severity of CVE-2023-28597 is high with a severity value of 7.5.
Which Zoom clients are affected by CVE-2023-28597?
Zoom clients prior to version 5.13.5 are affected by CVE-2023-28597.
What is the impact of CVE-2023-28597?
If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB.
Where can I find more information about CVE-2023-28597?
You can find more information about CVE-2023-28597 on the Zoom security bulletin page: https://explore.zoom.us/en/trust/security/security-bulletin/

collector/nvd-index
agent/weakness
agent/author
vendor/zoom
canonical/zoom rooms
canonical/zoom zoom
canonical/zoom virtual desktop infrastructure
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.