
Zoom has released several fixes for the vulnerabilities identified in its product. These flaws, if left unpatched, would allow threat actors to escalate privileges and gain access to sensitive data.
- CVE-2023-36538: This vulnerability involved improper access control in Zoom Rooms, affecting versions older than 5.15.0. It allowed an authenticated user to escalate privileges locally.
- CVE-2023-36537: This vulnerability involved improper privilege management in Zoom, impacting versions prior to 5.15.0. It could also lead to privilege escalation.
- CVE-2023-36536: This vulnerability stemmed from an untrusted search path in the installer of Zoom Rooms before version 5.15.0.
- CVE-2023-34119: This vulnerability arose from the presence of insecure temporary files in Zoom Rooms versions preceding 5.15.0.
- CVE-2023-34117: This vulnerability involved relative path traversal in Zoom Desktop for Windows versions prior to 5.15.0. Although it was classified as low severity, it still posed a risk.
Zoom promptly addressed these issues by fixing the vulnerabilities and releasing the necessary patches. Users are strongly advised to upgrade their Zoom software to version 5.15.0 or later to eliminate these vulnerabilities and steer clear of the risks they pose.