{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39213", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2023-07-25T18:38:00.938Z", "datePublished": "2023-08-08T21:36:13.783Z", "dateUpdated": "2024-08-02T18:02:06.849Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Zoom Desktop Client for Windows and Zoom VDI Client", "vendor": "Zoom Video Communications, Inc.", "versions": [{"status": "affected", "version": "before 5.15.2"}]}], "datePublic": "2023-08-08T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nImproper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.\n\n"}], "value": "\nImproper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.\n\n"}], "impacts": [{"capecId": "CAPEC-267", "descriptions": [{"lang": "en", "value": "CAPEC-267: Leverage Alternate Encoding"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2023-08-08T21:36:13.783Z"}, "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.849Z"}, "title": "CVE Program Container", "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "08933DED-744E-4F1A-A3D8-A68027580BAE", "versionEndExcluding": "5.15.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*", "matchCriteriaId": "AF2002E9-CEC6-4D38-83E4-7F8D2DE59806", "versionEndExcluding": "5.15.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nImproper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.\n\n"}], "id": "CVE-2023-39213", "lastModified": "2023-08-15T15:30:15.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "security@zoom.us", "type": "Secondary"}]}, "published": "2023-08-08T22:15:10.657", "references": [{"source": "security@zoom.us", "tags": ["Vendor Advisory"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "security@zoom.us", "type": "Secondary"}]}

{}