CVE-2023-36540
First published: Tue Aug 08 2023(Updated: )
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
Credit: security@zoom.us security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Zoom | <5.14.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-36540?
CVE-2023-36540 is a vulnerability in the Zoom Desktop Client for Windows before version 5.14.5 that allows an authenticated user to enable an escalation of privilege via local access due to an untrusted search path in the installer.
How does CVE-2023-36540 affect Zoom Desktop Client for Windows?
CVE-2023-36540 affects Zoom Desktop Client for Windows before version 5.14.5 by allowing an authenticated user to enable an escalation of privilege via local access.
What is the severity of CVE-2023-36540?
CVE-2023-36540 has a severity rating of 7.3 (high).
How can I fix CVE-2023-36540?
To fix CVE-2023-36540, update Zoom Desktop Client for Windows to version 5.14.5 or later.
Where can I find more information about CVE-2023-36540?
You can find more information about CVE-2023-36540 in the Zoom Desktop Client security bulletin: https://explore.zoom.us/en/trust/security/security-bulletin/
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- vendor/zoom
- canonical/zoom zoom