First published: Tue Nov 14 2023(Updated: )
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.
|Affected Software||Affected Version||How to fix|
|Zoom Virtual Desktop Infrastructure||<5.14.13|
|Zoom Virtual Desktop Infrastructure||>=5.15.0<5.15.11|
The vulnerability ID for this issue is CVE-2023-39202.
The affected software includes Zoom Rooms Client for Windows and Zoom VDI Client.
Versions up to and excluding 5.16.0 of Zoom Rooms Client for Windows are affected.
Versions up to and excluding 5.14.13 of Zoom VDI Client are affected.
The severity of this vulnerability is medium, with a CVSS severity score of 5.5.
This vulnerability can be exploited by a privileged user conducting a denial of service attack via local access.
To fix this vulnerability, update Zoom Rooms Client for Windows to version 5.16.0 or later, and update Zoom VDI Client to version 5.14.13 or later.
You can find more information about this vulnerability in the security bulletin provided by Zoom at the following link: https://explore.zoom.us/en/trust/security/security-bulletin/
The Common Weakness Enumeration (CWE) ID for this vulnerability is CWE-426.