cvelistv5 - cve-2023-36539

CVE-2023-36539 (GCVE-0-2023-36539)

Vulnerability from cvelistv5 – Published: 2023-06-30 02:01 – Updated: 2024-10-28 13:04

Summary

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
CWE-325 - Missing Cryptographic Step

Assigner

Zoom

References

URL

Tags

https://explore.zoom.us/en/trust/security/securit…

Impacted products

	Vendor	Product	Version
	Zoom Video Communications, Inc.	Zoom clients	Affected: See references link for ZSB-23025

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:52.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T13:04:31.982326Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T13:04:46.477Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Zoom clients",
          "vendor": "Zoom Video Communications, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "See references link for ZSB-23025"
            }
          ]
        }
      ],
      "datePublic": "2023-06-30T02:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(247, 247, 250);\"\u003eExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\u003c/span\u003e"
            }
          ],
          "value": "Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-325",
              "description": "CWE-325 Missing Cryptographic Step",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T18:25:53.635Z",
        "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "shortName": "Zoom"
      },
      "references": [
        {
          "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
    "assignerShortName": "Zoom",
    "cveId": "CVE-2023-36539",
    "datePublished": "2023-06-30T02:01:21.401Z",
    "dateReserved": "2023-06-22T18:04:31.169Z",
    "dateUpdated": "2024-10-28T13:04:46.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:android:*:*\", \"matchCriteriaId\": \"B19B33AC-0C62-48B8-974F-EBB94700432E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:iphone_os:*:*\", \"matchCriteriaId\": \"64EC33E5-F6E4-4845-B181-52DEC0E707BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:macos:*:*\", \"matchCriteriaId\": \"F566F4A2-7A6F-4ECC-BD73-1F63AE4030B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:meetings:5.15.1:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"E3E84645-EF69-4A61-B946-5DEEDD27A85E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:ipad_os:*:*\", \"matchCriteriaId\": \"1735FAF3-E7B4-4615-92AD-5BA3399F6D55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:macos:*:*\", \"matchCriteriaId\": \"2FFA4C37-4EFB-42F5-98BE-811F413113F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"ABB880FF-8853-45AE-818A-23CECB48E030\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:video_software_development_kit:1.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84A39B46-A23B-4194-BDBF-16C337ADD1D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:android:*:*\", \"matchCriteriaId\": \"A47C1AC4-3092-41BE-8BB3-BABCD2ADC350\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:iphone_os:*:*\", \"matchCriteriaId\": \"F6FC3EA3-DAD3-4D9E-8EF3-5CAC1A54EE45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:linux:*:*\", \"matchCriteriaId\": \"502FC5A5-08CE-464F-A39E-FB16476F7B02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:macos:*:*\", \"matchCriteriaId\": \"8AB43228-B469-46D9-BE1E-F7BCCC777F34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"36AA507D-1B5D-42A3-A0BD-0D5FAA6AE3AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zoom:zoom:5.15.1:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"E7777FBA-8B77-430F-8B64-AFB14E517179\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEC1BF64-379E-4623-9F5F-EC37D9AE8928\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27D5E538-97CB-4F05-B8FC-AC6497425E78\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E12A046-159E-4E45-954F-57A0C43938F4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A85D6BC1-E736-487F-8C02-C54B49F7C8B2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE053959-5DE3-4954-8FD5-7D15FA77BC77\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C661E9DF-1D17-408A-95D9-DE5D941EC93B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A33909C-EB63-4234-A2B5-6F6D39EB8ACB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F942425-D356-47BA-95A6-61E1FD5029F4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31C96F0F-E282-427B-92C7-225252952F3E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5097727-AE57-436F-B7EF-E93BD96B2E23\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\"}, {\"lang\": \"es\", \"value\": \"La exposici\\u00f3n de informaci\\u00f3n destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgaci\\u00f3n de informaci\\u00f3n sensible.\"}]",
      "id": "CVE-2023-36539",
      "lastModified": "2024-11-21T08:09:53.833",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@zoom.us\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-06-30T03:15:09.747",
      "references": "[{\"url\": \"https://explore.zoom.us/en/trust/security/security-bulletin/\", \"source\": \"security@zoom.us\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://explore.zoom.us/en/trust/security/security-bulletin/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@zoom.us",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@zoom.us\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-325\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-326\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-36539\",\"sourceIdentifier\":\"security@zoom.us\",\"published\":\"2023-06-30T03:15:09.747\",\"lastModified\":\"2024-11-21T08:09:53.833\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\"},{\"lang\":\"es\",\"value\":\"La exposici\u00f3n de informaci\u00f3n destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n sensible.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zoom.us\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@zoom.us\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-325\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:android:*:*\",\"matchCriteriaId\":\"B19B33AC-0C62-48B8-974F-EBB94700432E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:iphone_os:*:*\",\"matchCriteriaId\":\"64EC33E5-F6E4-4845-B181-52DEC0E707BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"F566F4A2-7A6F-4ECC-BD73-1F63AE4030B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:meetings:5.15.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E3E84645-EF69-4A61-B946-5DEEDD27A85E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:ipad_os:*:*\",\"matchCriteriaId\":\"1735FAF3-E7B4-4615-92AD-5BA3399F6D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"2FFA4C37-4EFB-42F5-98BE-811F413113F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"ABB880FF-8853-45AE-818A-23CECB48E030\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:video_software_development_kit:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84A39B46-A23B-4194-BDBF-16C337ADD1D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:android:*:*\",\"matchCriteriaId\":\"A47C1AC4-3092-41BE-8BB3-BABCD2ADC350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:iphone_os:*:*\",\"matchCriteriaId\":\"F6FC3EA3-DAD3-4D9E-8EF3-5CAC1A54EE45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"502FC5A5-08CE-464F-A39E-FB16476F7B02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"8AB43228-B469-46D9-BE1E-F7BCCC777F34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"36AA507D-1B5D-42A3-A0BD-0D5FAA6AE3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zoom:zoom:5.15.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"E7777FBA-8B77-430F-8B64-AFB14E517179\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEC1BF64-379E-4623-9F5F-EC37D9AE8928\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27D5E538-97CB-4F05-B8FC-AC6497425E78\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E12A046-159E-4E45-954F-57A0C43938F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A85D6BC1-E736-487F-8C02-C54B49F7C8B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE053959-5DE3-4954-8FD5-7D15FA77BC77\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C661E9DF-1D17-408A-95D9-DE5D941EC93B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A33909C-EB63-4234-A2B5-6F6D39EB8ACB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F942425-D356-47BA-95A6-61E1FD5029F4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C96F0F-E282-427B-92C7-225252952F3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5097727-AE57-436F-B7EF-E93BD96B2E23\"}]}]}],\"references\":[{\"url\":\"https://explore.zoom.us/en/trust/security/security-bulletin/\",\"source\":\"security@zoom.us\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://explore.zoom.us/en/trust/security/security-bulletin/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://explore.zoom.us/en/trust/security/security-bulletin/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:52:52.360Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-36539\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-28T13:04:31.982326Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-28T13:04:40.904Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Zoom Video Communications, Inc.\", \"product\": \"Zoom clients\", \"versions\": [{\"status\": \"affected\", \"version\": \"See references link for ZSB-23025\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-06-30T02:00:00.000Z\", \"references\": [{\"url\": \"https://explore.zoom.us/en/trust/security/security-bulletin/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(247, 247, 250);\\\"\u003eExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-325\", \"description\": \"CWE-325 Missing Cryptographic Step\"}]}], \"providerMetadata\": {\"orgId\": \"99b9af0d-a833-4a5d-9e2f-8b1324f35351\", \"shortName\": \"Zoom\", \"dateUpdated\": \"2024-09-18T18:25:53.635Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-36539\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-28T13:04:46.477Z\", \"dateReserved\": \"2023-06-22T18:04:31.169Z\", \"assignerOrgId\": \"99b9af0d-a833-4a5d-9e2f-8b1324f35351\", \"datePublished\": \"2023-06-30T02:01:21.401Z\", \"assignerShortName\": \"Zoom\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2023-1607

Vulnerability from csaf_certbund - Published: 2023-06-29 22:00 - Updated: 2023-06-29 22:00

Summary

Zoom Video Communications Zoom Client: Schwachstelle ermöglicht Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Zoom bietet Kommunikationssoftware, die Videokonferenzen, Online-Besprechungen, Chat und mobile Zusammenarbeit kombiniert.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Zoom Video Communications Zoom Client ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux - MacOS X - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Zoom bietet Kommunikationssoftware, die Videokonferenzen, Online-Besprechungen, Chat und mobile Zusammenarbeit kombiniert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Zoom Video Communications Zoom Client ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1607 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1607.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1607 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1607"
      },
      {
        "category": "external",
        "summary": "Zoom Security Bulletin vom 2023-06-29",
        "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
      }
    ],
    "source_lang": "en-US",
    "title": "Zoom Video Communications Zoom Client: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2023-06-29T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:53:57.912+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1607",
      "initial_release_date": "2023-06-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Zoom Video Communications Zoom Client 5.15.0",
                "product": {
                  "name": "Zoom Video Communications Zoom Client 5.15.0",
                  "product_id": "T028375",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zoom:zoom_client:5.15.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Zoom Video Communications Zoom Client windows 5.15.1",
                "product": {
                  "name": "Zoom Video Communications Zoom Client windows 5.15.1",
                  "product_id": "T028376",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zoom:zoom_client:windows_5.15.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Zoom Client"
          }
        ],
        "category": "vendor",
        "name": "Zoom Video Communications"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-36539",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Zoom Video Communications Zoom Client. In-Meeting-Chat-Nachrichten werden mit einem separaten Schl\u00fcssel pro Meeting verschl\u00fcsselt und dann zwischen Benutzerger\u00e4ten und Zoom mit TLS-Verschl\u00fcsselung \u00fcbertragen. Bei den betroffenen Produkten wird au\u00dferdem eine Kopie jeder Chat-Nachricht w\u00e4hrend eines Meetings nur mit TLS und nicht mit dem Schl\u00fcssel pro Meeting verschl\u00fcsselt gesendet. Ein Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028375",
          "T028376"
        ]
      },
      "release_date": "2023-06-29T22:00:00.000+00:00",
      "title": "CVE-2023-36539"
    }
  ]
}

GHSA-9225-WWJ6-C3W3

Vulnerability from github – Published: 2023-06-30 03:30 – Updated: 2024-04-04 05:18

Details

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-36539"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-30T03:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\n\n",
  "id": "GHSA-9225-wwj6-c3w3",
  "modified": "2024-04-04T05:18:36Z",
  "published": "2023-06-30T03:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36539"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2023-36539

Vulnerability from fkie_nvd - Published: 2023-06-30 03:15 - Updated: 2024-11-21 08:09

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

References

	URL	Tags
	security@zoom.us	https://explore.zoom.us/en/trust/security/security-bulletin/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://explore.zoom.us/en/trust/security/security-bulletin/	Vendor Advisory

Impacted products

Vendor	Product	Version
zoom	meetings	5.15.0
zoom	meetings	5.15.0
zoom	meetings	5.15.0
zoom	meetings	5.15.1
zoom	rooms	5.15.0
zoom	rooms	5.15.0
zoom	rooms	5.15.0
zoom	video_software_development_kit	1.8.0
zoom	zoom	5.15.0
zoom	zoom	5.15.0
zoom	zoom	5.15.0
zoom	zoom	5.15.0
zoom	zoom	5.15.0
zoom	zoom	5.15.1
zoom	poly_ccx_700_firmware	5.15.0
zoom	poly_ccx_700	-
zoom	poly_ccx_600_firmware	5.15.0
zoom	poly_ccx_600	-
zoom	yealink_vp59_firmware	5.15.0
zoom	yealink_vp59	-
zoom	yealink_mp54_firmware	5.15.0
zoom	yealink_mp54	-
zoom	yealink_mp56_firmware	5.15.0
zoom	yealink_mp56	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:android:*:*",
              "matchCriteriaId": "B19B33AC-0C62-48B8-974F-EBB94700432E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "64EC33E5-F6E4-4845-B181-52DEC0E707BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:macos:*:*",
              "matchCriteriaId": "F566F4A2-7A6F-4ECC-BD73-1F63AE4030B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:meetings:5.15.1:*:*:*:*:windows:*:*",
              "matchCriteriaId": "E3E84645-EF69-4A61-B946-5DEEDD27A85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:ipad_os:*:*",
              "matchCriteriaId": "1735FAF3-E7B4-4615-92AD-5BA3399F6D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:macos:*:*",
              "matchCriteriaId": "2FFA4C37-4EFB-42F5-98BE-811F413113F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:windows:*:*",
              "matchCriteriaId": "ABB880FF-8853-45AE-818A-23CECB48E030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:video_software_development_kit:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84A39B46-A23B-4194-BDBF-16C337ADD1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:android:*:*",
              "matchCriteriaId": "A47C1AC4-3092-41BE-8BB3-BABCD2ADC350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "F6FC3EA3-DAD3-4D9E-8EF3-5CAC1A54EE45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:linux:*:*",
              "matchCriteriaId": "502FC5A5-08CE-464F-A39E-FB16476F7B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:macos:*:*",
              "matchCriteriaId": "8AB43228-B469-46D9-BE1E-F7BCCC777F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:windows:*:*",
              "matchCriteriaId": "36AA507D-1B5D-42A3-A0BD-0D5FAA6AE3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zoom:zoom:5.15.1:*:*:*:*:windows:*:*",
              "matchCriteriaId": "E7777FBA-8B77-430F-8B64-AFB14E517179",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC1BF64-379E-4623-9F5F-EC37D9AE8928",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27D5E538-97CB-4F05-B8FC-AC6497425E78",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E12A046-159E-4E45-954F-57A0C43938F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85D6BC1-E736-487F-8C02-C54B49F7C8B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE053959-5DE3-4954-8FD5-7D15FA77BC77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C661E9DF-1D17-408A-95D9-DE5D941EC93B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A33909C-EB63-4234-A2B5-6F6D39EB8ACB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F942425-D356-47BA-95A6-61E1FD5029F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C96F0F-E282-427B-92C7-225252952F3E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5097727-AE57-436F-B7EF-E93BD96B2E23",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information."
    },
    {
      "lang": "es",
      "value": "La exposici\u00f3n de informaci\u00f3n destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n sensible."
    }
  ],
  "id": "CVE-2023-36539",
  "lastModified": "2024-11-21T08:09:53.833",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "security@zoom.us",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-30T03:15:09.747",
  "references": [
    {
      "source": "security@zoom.us",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
    }
  ],
  "sourceIdentifier": "security@zoom.us",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-325"
        }
      ],
      "source": "security@zoom.us",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-36539

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

Aliases

CVE-2023-36539

Aliases

CVE-2023-36539

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-36539",
    "id": "GSD-2023-36539"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-36539"
      ],
      "details": "\nExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\n\n",
      "id": "GSD-2023-36539",
      "modified": "2023-12-13T01:20:34.506762Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@zoom.us",
        "ID": "CVE-2023-36539",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Zoom clients",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "See references link for ZSB-23025"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Zoom Video Communications, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\nExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Exposure of Sensitive Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
            "refsource": "MISC",
            "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zoom:video_software_development_kit:1.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:android:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:iphone_os:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:meetings:5.15.0:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:meetings:5.15.1:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:iphone_os:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:android:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:ipad_os:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:rooms:5.15.0:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:zoom:5.15.1:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:linux:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zoom:zoom:5.15.0:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@zoom.us",
          "ID": "CVE-2023-36539"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\nExposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-326"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://explore.zoom.us/en/trust/security/security-bulletin/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-07-10T13:29Z",
      "publishedDate": "2023-06-30T03:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-36539 (GCVE-0-2023-36539)

WID-SEC-W-2023-1607

GHSA-9225-WWJ6-C3W3

FKIE_CVE-2023-36539

GSD-2023-36539

Tags

Sightings

Nomenclature