Skip to main content

Zoom CVE-2023-36534

CRITICAL
Path Traversal (CWE-22)
2023-08-08 security@zoom.us
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 08, 2023 - 18:15 nvd
CRITICAL 9.8

DescriptionNVD

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

AnalysisAI

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. Affected products include: Zoom. Version information: before 5.14.7.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

More in Zoom

View all
CVE-2017-15049 HIGH POC
8.8 Dec 19

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when c

CVE-2017-15048 HIGH POC
8.8 Dec 19

Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote

CVE-2020-6109 CRITICAL POC
9.8 Jun 08

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including anima

CVE-2018-15715 CRITICAL POC
9.8 Nov 30

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0

CVE-2020-6110 HIGH POC
8.8 Jun 08

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages incl

CVE-2019-13567 HIGH POC
8.8 Jul 12

The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-134

CVE-2026-1368 HIGH POC
7.5 Feb 18

Video Conferencing with Zoom WordPre versions up to 4.6.6 is affected by improper authentication (CVSS 7.5).

CVE-2019-13450 MEDIUM POC
6.5 Jul 09

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a v

CVE-2019-13449 MEDIUM POC
6.5 Jul 09

In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a s

CVE-2026-22844 CRITICAL
9.9 Jan 20

Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing m

CVE-2024-24691 CRITICAL
9.8 Feb 14

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Wind

CVE-2023-39213 CRITICAL
9.8 Aug 08

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may all

Share

CVE-2023-36534 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy