CVE-2023-36539 - OpenCVE

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zoom	Meetings Poly Ccx 600 Poly Ccx 600 Firmware Poly Ccx 700 Poly Ccx 700 Firmware Rooms Video Software Development Kit Yealink Mp54 Yealink Mp54 Firmware Yealink Mp56 Yealink Mp56 Firmware Yealink Vp59 Yealink Vp59 Firmware Zoom

Configuration 1 [-]

OR	cpe:2.3:a:zoom:meetings:5.15.0:::::android::
	cpe:2.3:a:zoom:meetings:5.15.0:::::iphone_os::
	cpe:2.3:a:zoom:meetings:5.15.0:::::macos::
	cpe:2.3:a:zoom:meetings:5.15.1:::::windows::
	cpe:2.3:a:zoom:rooms:5.15.0:::::ipad_os::
	cpe:2.3:a:zoom:rooms:5.15.0:::::macos::
	cpe:2.3:a:zoom:rooms:5.15.0:::::windows::
	cpe:2.3:a:zoom:video_software_development_kit:1.8.0:::::::*
	cpe:2.3:a:zoom:zoom:5.15.0:::::android::
	cpe:2.3:a:zoom:zoom:5.15.0:::::iphone_os::
	cpe:2.3:a:zoom:zoom:5.15.0:::::linux::
	cpe:2.3:a:zoom:zoom:5.15.0:::::macos::
	cpe:2.3:a:zoom:zoom:5.15.0:::::windows::
	cpe:2.3:a:zoom:zoom:5.15.1:::::windows::

Configuration 2 [-]

AND

cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*

cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*

cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*

cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*

cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*

cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://explore.zoom.us/en/trust/security/security-bulletin/

History

Wed, 18 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Description	Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.	Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
Weaknesses		CWE-200 CWE-325

MITRE

Status: PUBLISHED

Assigner: Zoom

Published: 2023-06-30T02:01:21.401Z

Updated: 2024-09-18T18:25:53.635Z

Reserved: 2023-06-22T18:04:31.169Z

Link: CVE-2023-36539

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-30T03:15:09.747

Modified: 2024-09-18T19:15:29.133

Link: CVE-2023-36539

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object