Improper Authentication in Zoom Video Communications, Inc. products - CVE-2023-39215
Published: August 8, 2023
Vulnerability identifier: #VU79137
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-39215
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zoom Video Communications, Inc.
Affected software:
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for Linux
Zoom Workplace Desktop App for macOS
Virtual Desktop Infrastructure (VDI)
Zoom Mobile App for Android
Zoom Mobile App for iOS
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for Linux
Zoom Workplace Desktop App for macOS
Virtual Desktop Infrastructure (VDI)
Zoom Mobile App for Android
Zoom Mobile App for iOS
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.
How to mitigate CVE-2023-39215
Install updates from vendor's website.