CVE-2023-28602 - OpenCVE

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zoom	Zoom

Configuration 1 [-]

cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*

No data.

References

Link	Providers
https://explore.zoom.us/en/trust/security/security-bulletin/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zoom

Published: 2023-06-13T17:30:07.510Z

Updated: 2024-08-02T13:43:23.585Z

Reserved: 2023-03-17T13:27:32.368Z

Link: CVE-2023-28602

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-13T18:15:21.683

Modified: 2023-06-21T20:53:37.857

Link: CVE-2023-28602

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28602", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2023-03-17T13:27:32.368Z", "datePublished": "2023-06-13T17:30:07.510Z", "dateUpdated": "2024-08-02T13:43:23.585Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Zoom for Windows Client", "vendor": "Zoom Video Communications, Inc.", "versions": [{"status": "affected", "version": "before 5.13.5"}]}], "datePublic": "2023-06-13T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions."}], "value": "Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions."}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554: Functionality Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2023-06-13T18:53:34.369Z"}, "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:43:23.585Z"}, "title": "CVE Program Container", "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/", "tags": ["x_transferred"]}]}]}}