{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-43586","assignerOrgId":"99b9af0d-a833-4a5d-9e2f-8b1324f35351","state":"PUBLISHED","assignerShortName":"Zoom","dateReserved":"2023-09-19T22:05:40.665Z","datePublished":"2023-12-13T22:17:48.264Z","dateUpdated":"2026-02-25T16:34:33.938Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows","vendor":"Zoom Video Communications, Inc.","versions":[{"status":"affected","version":"See references"}]}],"datePublic":"2023-12-12T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access."}],"value":"Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access."}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-426","description":"CWE-426 Untrusted Search Path","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"99b9af0d-a833-4a5d-9e2f-8b1324f35351","shortName":"Zoom","dateUpdated":"2023-12-13T22:17:48.264Z"},"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:44:43.849Z"},"title":"CVE Program Container","references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-43586","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2023-12-14T05:00:12.943526Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-25T16:34:33.938Z"}}]}}