CVE-2023-28597

Description

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.

Related CPE's

azoomrooms*****macos**

azoomzoom*****linux_kernel**

azoomzoom*****iphone_os**

azoomzoom*****android**

azoomzoom*****windows**

azoomzoom*****macos**

azoomrooms*****linux_kernel**

azoomrooms*****iphone_os**

azoomrooms*****android**

azoomrooms*****windows**

References

https://explore.zoom.us/en/trust/security/security-bulletin/

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io