CVE-2023-49647: Zoom Desktop Client for Windows - Improper Access Control
First published: Fri Jan 12 2024(Updated: )
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meeting Software Development Kit | <5.16.10 | |
| Zoom Video Software Development Kit | <5.16.10 | |
| Zoom Zoom | <5.16.10 | |
| All of | ||
| Any of | ||
| Zoom Virtual Desktop Infrastructure | <5.14.14 | |
| Zoom Virtual Desktop Infrastructure | >=5.15.0<5.15.12 | |
| Zoom Virtual Desktop Infrastructure | >=5.16.0<5.16.10 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/title
- agent/weakness
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/description
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/zoom
- canonical/zoom meeting software development kit
- canonical/zoom video software development kit
- canonical/zoom zoom
- canonical/zoom virtual desktop infrastructure
- version/zoom virtual desktop infrastructure/5.15.0
- version/zoom virtual desktop infrastructure/5.16.0
- vendor/microsoft
- canonical/microsoft windows