CVE-2023-28597 - OpenCVE

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Zoom	Rooms Virtual Desktop Infrastructure Zoom

Configuration 1 [-]

OR	cpe:2.3:a:zoom:rooms::::::android::*
	cpe:2.3:a:zoom:rooms::::::iphone_os::*
	cpe:2.3:a:zoom:rooms::::::linux_kernel::*
	cpe:2.3:a:zoom:rooms::::::macos::*
	cpe:2.3:a:zoom:rooms::::::windows::*
	cpe:2.3:a:zoom:zoom::::::android::*
	cpe:2.3:a:zoom:zoom::::::iphone_os::*
	cpe:2.3:a:zoom:zoom::::::linux_kernel::*
	cpe:2.3:a:zoom:zoom::::::macos::*
	cpe:2.3:a:zoom:zoom::::::windows::*

Configuration 2 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://explore.zoom.us/en/trust/security/security-bulletin/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zoom

Published: 2023-03-27T00:00:00

Updated: 2024-08-02T13:43:22.755Z

Reserved: 2023-03-17T00:00:00

Link: CVE-2023-28597

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-03-27T21:15:12.260

Modified: 2023-04-03T14:22:09.760

Link: CVE-2023-28597

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-28597", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "dateUpdated": "2024-08-02T13:43:22.755Z", "dateReserved": "2023-03-17T00:00:00", "datePublished": "2023-03-27T00:00:00"}, "containers": {"cna": {"title": "Improper trust boundary implementation for SMB in Zoom Clients", "datePublic": "2023-03-14T00:00:00", "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2023-03-27T00:00:00"}, "descriptions": [{"lang": "en", "value": "Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom\u2019s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution."}], "affected": [{"vendor": "Zoom Video Communications Inc", "product": "Zoom (for Android, iOS, Linux, macOS, and Windows)", "versions": [{"version": "unspecified", "lessThan": "5.13.5", "status": "affected", "versionType": "custom"}]}, {"vendor": "Zoom Video Communications Inc", "product": "Zoom Rooms (for Android, iOS, Linux, macOS, and Windows)", "versions": [{"version": "unspecified", "lessThan": "5.13.5", "status": "affected", "versionType": "custom"}]}, {"vendor": "Zoom Video Communications Inc", "product": "Zoom VDI for Windows", "versions": [{"version": "unspecified", "lessThan": "5.13.10", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-501: Trust Boundary Violation", "cweId": "CWE-501"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:43:22.755Z"}, "title": "CVE Program Container", "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*", "matchCriteriaId": "9A22E1F9-8302-4990-8118-4A2D6A38A605", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "2F296A18-F2FE-44F8-A803-F5CEE0FEE3CD", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:linux_kernel:*:*", "matchCriteriaId": "BD7706B3-16ED-44E8-B41C-C55E8C715713", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", "matchCriteriaId": "17083D16-FEE1-4DE4-8EBC-FBCA89AC3DD1", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", "matchCriteriaId": "186D705B-003C-4991-93FC-AA71C1656C68", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*", "matchCriteriaId": "54800A16-98E2-4903-B2B0-D5C66C4AC845", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "35139855-F16B-4149-88EE-05C0C4040C38", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux_kernel:*:*", "matchCriteriaId": "1C4200BC-CF56-4795-80EF-0E4D3A43F883", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*", "matchCriteriaId": "A31F4838-E56D-4C7E-BA09-17E10D54A273", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*", "matchCriteriaId": "DDDF143E-324E-4D0C-83D1-2E66DDE760E2", "versionEndExcluding": "5.13.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FB64BAF-EB86-40B9-A123-7C1C7EFDE5AC", "versionEndExcluding": "5.13.10", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom\u2019s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution."}], "id": "CVE-2023-28597", "lastModified": "2023-04-03T14:22:09.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "security@zoom.us", "type": "Secondary"}]}, "published": "2023-03-27T21:15:12.260", "references": [{"source": "security@zoom.us", "tags": ["Vendor Advisory"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-501"}], "source": "security@zoom.us", "type": "Secondary"}]}