The popular video messaging platform Zoom has found a number of vulnerabilities affecting Zoom Clients. These vulnerabilities may enable an unauthorized user to carry out denial-of-service, privilege escalation, and information disclosure attacks.
To obtain the latest security updates and bug fixes, Zoom advises users to update to the latest version of the Zoom software.
High Severity Vulnerabilities Impacting Zoom Clients
Improper Authentication – CVE-2023-39215
CVE-2023-39215 is a high-severity vulnerability with a CVSS Base Score of 7.1. Improper authentication in Zoom clients could allow an authenticated user to carry out a denial-of-service attack via network access.
Affected Products:
- Zoom Desktop Client for Windows before version 5.15.5
- Zoom Desktop Client for macOS before version 5.15.5
- Zoom Desktop Client for Linux before version 5.15.5
- Zoom VDI Client before version 5.14.12
- Zoom VDI Client before version 5.15.4
- Zoom Mobile App for Android before version 5.15.5
- Zoom Mobile App for iOS before version 5.15.5
- Zoom Meeting SDKs before version 5.15.5
Exposure of Sensitive Information – CVE-2023-39214
CVE-2023-39214 is a high-severity vulnerability with a CVSS Base Score of 7.6. It involves the exposure of sensitive information in Zoom Client versions before 5.15.5, which could enable a denial of service via network access for an authenticated user.
Affected Products:
- Zoom Desktop Client for Windows before version 5.15.5
- Zoom Desktop Client for macOS before version 5.15.5
- Zoom Desktop Client for Linux before version 5.15.5
- Zoom Mobile App for Android before version 5.15.5
- Zoom Mobile App for iOS before version 5.15.5
- Zoom Rooms for iPad before version 5.15.5
- Zoom Rooms for Android before version 5.15.5
- Zoom Rooms for Windows before version 5.15.5
- Zoom Rooms for macOS before version 5.15.5
Client-Side Enforcement of Server-Side Security – CVE-2023-36535
Before version 5.14.10, client-side enforcement of server-side security in Zoom clients could have allowed an authenticated user to enable information exposure via network access.
This high-severity vulnerability is tracked as CVE-2023-36535 and has a CVSS Base Score of 7.1.
Affected Products:
- Zoom Clients for Windows before version 5.14.10
- Zoom Desktop Client for macOS before version 5.14.10
- Zoom Desktop Client for Linux before version 5.14.10
- Zoom VDI Host and Plugin before version 5.14.10
- Zoom Mobile App for Android before version 5.14.10
- Zoom Mobile App for iOS before version 5.14.10
- Zoom Rooms for iPad before version 5.14.10
- Zoom Rooms for Android before version 5.14.10
- Zoom Rooms for Windows before version 5.14.10
- Zoom Rooms for macOS before version 5.14.10
Medium and Low-Severity Vulnerabilities Impacting Zoom Clients
Improper Authorization (CVE-2023-43582), Insufficient Control Flow Management (CVE-2023-43588), Cryptographic Issues (CVE-2023-39199), Buffer Overflow (CVE-2023-39206, CVE-2023-39204, CVE-2023-36532), Improper Conditions Check (CVE-2023-39205), Client-Side Enforcement of Server-Side Security (CVE-2023-39218), Improper Input Validation (CVE-2023-39217).
Update Now!
Users are advised to stay safe by installing the latest updates or getting the latest Zoom software, which includes all security updates.