October 3, 2023

Zoom has released several fixes for the vulnerabilities identified in its product. These flaws, if left unattended, would allow threat actors to escalate privileges and gain access to sensitive data.

  1. CVE-2023-36538: This vulnerability involved improper access control in Zoom rooms, affecting versions older than 5.15.0. It allowed an authenticated user to escalate privileges locally.
  2. CVE-2023-36537: This vulnerability involved improper privilege management in Zoom, impacting versions prior to 5.15.0. It could also lead to privilege escalation.
  3. CVE-2023-36536: This vulnerability stemmed from an untrusted search path in the installer of Zoom rooms before version 5.15.0.
  4. CVE-2023-34119: This vulnerability arose from the presence of insecure temporary files in Zoom rooms versions preceding 5.15.0.
  5. CVE-2023-34117: This vulnerability involved relative path traversal in Zoom Desktop for Windows versions prior to 5.15.0. Although it was classified as low severity, it still posed a risk.

Zoom promptly addressed these issues by fixing the vulnerabilities and releasing the necessary patches. Users are strongly advised to upgrade their Zoom software to version 5.15.0 or later in order to eliminate these vulnerabilities and stay clear from the risks they pose.

Leave a Reply

%d bloggers like this: