Advisory Published

CVE-2023-36539: Weak Encryption

First published: Fri Jun 30 2023(Updated: )

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

Credit: security@zoom.us

Affected SoftwareAffected VersionHow to fix
Zoom Meetings=5.15.0
Zoom Meetings=5.15.0
Zoom Meetings=5.15.0
Zoom Meetings=5.15.1
Zoom Rooms=5.15.0
Zoom Rooms=5.15.0
Zoom Rooms=5.15.0
Zoom Video Software Development Kit=1.8.0
Zoom Zoom=5.15.0
Zoom Zoom=5.15.0
Zoom Zoom=5.15.0
Zoom Zoom=5.15.0
Zoom Zoom=5.15.0
Zoom Zoom=5.15.1
Zoom Poly Ccx 700 Firmware=5.15.0
Zoom Poly Ccx 700
Zoom Poly Ccx 600 Firmware=5.15.0
Zoom Poly Ccx 600
Zoom Yealink Vp59 Firmware=5.15.0
Zoom Yealink Vp59
Zoom Yealink Mp54 Firmware=5.15.0
Zoom Yealink Mp54
Zoom Yealink Mp56 Firmware=5.15.0
Zoom Yealink Mp56

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID of this Zoom vulnerability?

    The vulnerability ID of this Zoom vulnerability is CVE-2023-36539.

  • What is the severity of CVE-2023-36539?

    The severity of CVE-2023-36539 is high with a CVSS score of 7.5.

  • Which software versions are affected by CVE-2023-36539?

    Zoom Meetings version 5.15.0, Zoom Meetings version 5.15.1, Zoom Rooms version 5.15.0, Zoom Video Software Development Kit version 1.8.0, and Zoom Zoom versions 5.15.0 and 5.15.1 are affected by CVE-2023-36539.

  • What is the impact of CVE-2023-36539?

    CVE-2023-36539 may lead to the disclosure of sensitive information that was intended to be encrypted.

  • Is there a fix available for CVE-2023-36539?

    Yes, a fix is available for CVE-2023-36539. It is recommended to update Zoom Meetings and Zoom Zoom to the latest version.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203