CVE-2023-43588
First published: Tue Nov 14 2023(Updated: )
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meetings | <5.16.0 | |
| Zoom Meetings | <5.16.0 | |
| Zoom Meetings | <5.16.0 | |
| Zoom Virtual Desktop Infrastructure | <5.14.13 | |
| Zoom Virtual Desktop Infrastructure | >=5.15.0<5.15.11 | |
| Zoom Zoom | <5.16.0 | |
| Zoom Zoom | <5.16.0 | |
| Zoom Zoom | <5.16.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-43588?
CVE-2023-43588 is a vulnerability that allows an authenticated user to conduct information disclosure via network access in certain Zoom clients.
Which software versions are affected by CVE-2023-43588?
Zoom Meetings versions up to 5.16.0, Zoom Virtual Desktop Infrastructure versions up to 5.14.13 and versions between 5.15.0 and 5.15.11, as well as Zoom Zoom versions up to 5.16.0 are affected by CVE-2023-43588.
What is the severity of CVE-2023-43588?
CVE-2023-43588 has a severity score of 6.5, which is considered medium.
How can an authenticated user exploit CVE-2023-43588?
An authenticated user can exploit CVE-2023-43588 by leveraging insufficient control flow management in certain Zoom clients to conduct an information disclosure through network access.
Is there a fix available for CVE-2023-43588?
Yes, it is recommended to update to the latest version of the affected Zoom clients to mitigate CVE-2023-43588.
- collector/mitre-cve
- collector/nvd-api
- vendor/zoom
- canonical/zoom meetings
- canonical/zoom virtual desktop infrastructure
- version/zoom virtual desktop infrastructure/5.15.0
- canonical/zoom zoom