#VU79137 Improper Authentication in Zoom Video Communications, Inc. products - CVE-2023-39215
Published: August 8, 2023
Vulnerability identifier: #VU79137
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-39215
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for Linux
Zoom Workplace Desktop App for macOS
Virtual Desktop Infrastructure (VDI)
Zoom Mobile App for Android
Zoom Mobile App for iOS
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for Linux
Zoom Workplace Desktop App for macOS
Virtual Desktop Infrastructure (VDI)
Zoom Mobile App for Android
Zoom Mobile App for iOS
Software vendor:
Zoom Video Communications, Inc.
Zoom Video Communications, Inc.
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.
Remediation
Install updates from vendor's website.