Vulnerability in Microsoft Windows
CVE-2023-34120
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potenti…
EPSS: 0.001 (3.2nd percentile).
CVSS v3 metric
CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L.
Affected products
- Microsoft Windows
- Zoom Virtual Desktop Infrastructure
- Zoom Video Communications, Inc. For Windows Client — versions before 5.14.0
- Zoom Video Communications, Inc. Rooms Client For Windows — versions before 5.14.0
- Zoom Video Communications, Inc. Vdi For Windows Meeting Clients — versions before 5.14.0
Weakness classification (CWE)
References
- security@zoom.us (Vendor Advisory)
Frequently asked questions
- What is CVE-2023-34120?
  - CVE-2023-34120 is a high-severity vulnerability in Microsoft Windows, classified under Improper Verification of Cryptographic Signature. CVSS score: 8.7/10. Published 2023-06-13.
- How severe is CVE-2023-34120?
  - High severity. CVSS v3 base score is 8.7 out of 10.