The popular video messaging platform Zoom has discovered multiple vulnerabilities affecting Zoom Clients. These vulnerabilities might allow an unauthorized user to carry out denial-of-service, privilege escalation, and information disclosure attacks.
To receive the most recent security updates and bug fixes, Zoom advises users to update to the most recent version of the Zoom software.
Improper Authentication – CVE-2023-39215
With a CVSS Base Score of 7.1 and a High severity vulnerability listed as CVE-2023-39215, improper authentication in Zoom clients may enable an authenticated user to utilize network access to perform a denial of service attack.
Affected Products:
Exposure of Sensitive Information – CVE-2023-39214
A high-severity vulnerability with a CVSS Base Score of 7.6 is identified as CVE-2023-39214. It involves the exposure of sensitive data in Zoom Client versions before 5.15.5, which could enable a denial of service via network access for an authenticated user.
Affected Products:
Client-Side Enforcement of Server-Side Security – CVE-2023-36535
Before version 5.14.10, client-side enforcement of server-side security in Zoom clients may have allowed an authenticated user to enable information exposure via network access.
This high-severity vulnerability was identified as CVE-2023-36535 and has a CVSS Base Score of 7.1.
Affected Products:
Medium and Low-Severity Vulnerabilities Impacting Zoom Clients
Improper Authorization (CVE-2023-43582), Insufficient Control Flow Management (CVE-2023-43588), Cryptographic Issues (CVE-2023-39199), Buffer Overflow (CVE-2023-39206, CVE-2023-39204, CVE-2023-36532), Improper Conditions Check (CVE-2023-39205),
Client-Side Enforcement of Server-Side Security (CVE-2023-39218), Improper Input Validation (CVE-2023-39217).
Users are advised to stay safe by installing the most recent updates or getting the most recent Zoom software which includes all security updates.
Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.
Google has officially launched Vanir, an open-source security patch validation tool designed to streamline and automate…
A newly disclosed transaction-relay jamming vulnerability has raised concerns about the security of Bitcoin nodes,…
Raspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its game…
Qlik has identified critical vulnerabilities in its Qlik Sense Enterprise for Windows software that could…
QNAP Systems, Inc. has identified multiple high-severity vulnerabilities in its operating systems, potentially allowing attackers…
Imagine this: It's a typical Tuesday morning in a bustling hospital. Doctors make their rounds,…