How severe is CVE-2023-39213?

Critical severity. CVSS v3 base score is 9.6 out of 10.

Is CVE-2023-39213 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Zoom Video Communications, Inc. Desktop Client For Windows And Vdi

CVE-2023-39213

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.

EPSS: 0.012 (79.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Zoom Video Communications, Inc. Desktop Client For Windows And Vdi — versions before 5.15.2

Weakness classification (CWE)

CWE-176

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

explore.zoom.us/en/trust/security/security-bulletin/

Frequently asked questions

What is CVE-2023-39213?: CVE-2023-39213 is a critical-severity vulnerability in Zoom Video Communications, Inc. Desktop Client For Windows And Vdi, classified under CWE-176. CVSS score: 9.6/10. Published 2023-08-08.
How severe is CVE-2023-39213?: Critical severity. CVSS v3 base score is 9.6 out of 10.
Is CVE-2023-39213 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.