Vulnerabilities > CVE-2023-28603 - Unspecified vulnerability in Zoom Virtual Desktop Infrastructure

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

zoom

NVD

Published: 2023-06-13

Updated: 2024-09-19

Summary

Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions.

Vulnerable Configurations

Part	Description	Count
Application	Zoom Zoom Virtual Desktop Infrastructure 3.3.0 Zoom Virtual Desktop Infrastructure 3.3.1 Zoom Virtual Desktop Infrastructure 3.3.2 Zoom Virtual Desktop Infrastructure 3.3.3 Zoom Virtual Desktop Infrastructure 5.5.0 Zoom Virtual Desktop Infrastructure 5.5.3 Zoom Virtual Desktop Infrastructure 5.5.4 Zoom Virtual Desktop Infrastructure 5.5.6 Zoom Virtual Desktop Infrastructure 5.5.8 Zoom Virtual Desktop Infrastructure 5.5.9 Zoom Virtual Desktop Infrastructure 5.5.10 Zoom Virtual Desktop Infrastructure 5.7.0 Zoom Virtual Desktop Infrastructure 5.7.2 Zoom Virtual Desktop Infrastructure 5.7.5 Zoom Virtual Desktop Infrastructure 5.7.6 Zoom Virtual Desktop Infrastructure 5.7.8 Zoom Virtual Desktop Infrastructure 5.8.0 Zoom Virtual Desktop Infrastructure 5.8.4 Zoom Virtual Desktop Infrastructure 5.8.5 Zoom Virtual Desktop Infrastructure 5.9.0 Zoom Virtual Desktop Infrastructure 5.9.1 Zoom Virtual Desktop Infrastructure 5.9.2 Zoom Virtual Desktop Infrastructure 5.9.6 Zoom Virtual Desktop Infrastructure 5.10.0 Zoom Virtual Desktop Infrastructure 5.10.2 Zoom Virtual Desktop Infrastructure 5.10.6 Zoom Virtual Desktop Infrastructure 5.10.7 Zoom Virtual Desktop Infrastructure 5.11.0 Zoom Virtual Desktop Infrastructure 5.11.2 Zoom Virtual Desktop Infrastructure 5.13.1 Zoom Virtual Desktop Infrastructure 5.13.10	31
OS	Microsoft Microsoft Windows -	1

References

https://explore.zoom.us/en/trust/security/security-bulletin/