Multiple vulnerabilities in Zoom clients

1) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU73695

Risk: Medium

CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-22885

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to the way the Zoom client handles SMB shares. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Zoom Workplace Desktop App for Windows: 5.0.0 23168.0427 - 5.13.4 11835

Zoom Workplace App for Android: 5.0.1 23478.0429 - 5.13.4 11364

Zoom Workplace Desktop App for macOS: 5.0.0 23186.0427 - 5.13.4 14461

Zoom Workplace Desktop App for Linux: 5.1.418436.0628 - 5.13.4 711

Zoom Workplace App for iOS: 5.0.0 23161.0427 - 5.13.4 6295

Zoom Rooms Client for Windows: 5.0.0 1420.0426 - 5.13.0 2301

Zoom Rooms Client for macOS: 5.0.0 2236.0426 - 5.13.0 2196

Virtual Desktop Infrastructure (VDI): 5.0.1 - 5.13.1

CPE2.3

• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.0:23168.0427:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.1:23502.0430:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.2:24046.0510:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_android:5.0.1:23478.0429:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_android:5.0.2:24050.0510:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_android:5.0.3:24973.0517:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.0.0:23186.0427:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.1.1:28575.0629:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.1.2:28648.0705:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_linux:5.1.418436.0628:*:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_ios:5.0.0:23161.0427:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_rooms_for_windows:5.0.0:1420.0426:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_rooms_for_macos:5.0.0:2236.0426:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:vdi:5.0.1:*:*:*:*:*:*:*

External links

https://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-23005

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU73694

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-22882

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing STUN packets. A remote attacker can send specially crafted UDP traffic to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Zoom Workplace Desktop App for Windows: 5.0.0 23168.0427 - 5.13.4 11835

Zoom Workplace App for Android: 5.0.1 23478.0429 - 5.13.4 11364

Zoom Workplace App for iOS: 5.0.0 23161.0427 - 5.13.4 6295

Zoom Workplace Desktop App for Linux: 5.1.418436.0628 - 5.13.4 711

Zoom Workplace Desktop App for macOS: 5.0.0 23186.0427 - 5.13.4 14461

CPE2.3

• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.0:23168.0427:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.1:23502.0430:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.2:24046.0510:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_android:5.0.1:23478.0429:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_android:5.0.2:24050.0510:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_android:5.0.3:24973.0517:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_ios:5.0.0:23161.0427:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_ios:5.0.1:23508.0430:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_ios:5.0.2:24042.0509:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_linux:5.1.418436.0628:*:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.0.0:23186.0427:*:*:*:*:*:*

External links

https://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-23002

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU73693

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-22881

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing STUN packets. A remote attacker can send specially crafted UDP traffic to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Zoom Workplace Desktop App for Windows: 5.0.0 23168.0427 - 5.13.4 11835

Zoom Workplace App for Android: 5.0.1 23478.0429 - 5.13.4 11364

Zoom Workplace App for iOS: 5.0.0 23161.0427 - 5.13.4 6295

Zoom Workplace Desktop App for Linux: 5.1.418436.0628 - 5.13.4 711

Zoom Workplace Desktop App for macOS: 5.0.0 23186.0427 - 5.13.4 14461

CPE2.3

• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.0:23168.0427:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.1:23502.0430:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.2:24046.0510:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_android:5.0.1:23478.0429:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_android:5.0.2:24050.0510:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_android:5.0.3:24973.0517:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_ios:5.0.0:23161.0427:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_ios:5.0.1:23508.0430:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_ios:5.0.2:24042.0509:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_linux:5.1.418436.0628:*:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_macos:5.0.0:23186.0427:*:*:*:*:*:*

External links

https://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-23002

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU77155

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28602

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper verification of cryptographic signature when upgrading Zoom. A remote attacker can downgrade Zoom Client components to previous versions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Zoom Workplace Desktop App for Windows: 5.0.0 23168.0427 - 5.13.4 11835

CPE2.3

• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.0:23168.0427:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.1:23502.0430:*:*:*:*:*:*
• cpe:2.3:a:zoom_video_communications:zoom_client_for_windows:5.0.2:24046.0510:*:*:*:*:*:*

External links

https://explore.zoom.us/en/trust/security/security-bulletin/#ZSB-23010

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.