Vulnerability Description
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zoom | Meeting Software Development Kit | < 5.16.10 |
| Zoom | Video Software Development Kit | < 5.16.10 |
| Zoom | Zoom | < 5.16.10 |
| Zoom | Virtual Desktop Infrastructure | < 5.14.14 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/Vendor Advisory
- https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/Vendor Advisory
FAQ
What is CVE-2023-49647?
CVE-2023-49647 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of pr...
How severe is CVE-2023-49647?
CVE-2023-49647 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49647?
Check the references section above for vendor advisories and patch information. Affected products include: Zoom Meeting Software Development Kit, Zoom Video Software Development Kit, Zoom Zoom, Zoom Virtual Desktop Infrastructure, Microsoft Windows.