Rewterz Threat Alert – Russian GRU-Linked APT Group Identified in Data Wiping Attacks – Active IOCs
June 15, 2023Rewterz Threat Alert – SideWinder APT Group – Active IOCs
June 16, 2023Rewterz Threat Alert – Russian GRU-Linked APT Group Identified in Data Wiping Attacks – Active IOCs
June 15, 2023Rewterz Threat Alert – SideWinder APT Group – Active IOCs
June 16, 2023Severity
Medium
Analysis Summary
CVE-2023-28598 CVSS:7.5
Zoom for Linux clients is vulnerable to a denial of service, caused by an HTML injection vulnerability. By persuading a victim to start a chat with a malicious user, a remote attacker could exploit this vulnerability to cause a Zoom application crash.
CVE-2023-28599 CVSS:3.5
Zoom clients is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-28600 CVSS:5.2
Zoom for MacOSclients could allow a local attacker to bypass security restrictions, caused by an improper access control vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.
CVE-2023-28601 CVSS:8.3
Zoom for Windows clients could allow a remote attacker to bypass security restrictions, caused by an improper restriction of operations within the bounds of a memory buffer vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.
CVE-2023-28602 CVSS:2.8
Zoom for Windows clients is vulnerable to a denial of service, caused by an improper verification of cryptographic signature vulnerability. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to downgrade Zoom Client components to previous versions.
CVE-2023-28603 CVSS:7.7
Zoom VDI client installer could allow a local authenticated attacker to bypass security restrictions, caused by an improper access control vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to delete local files without proper permissions.
CVE-2023-34122 CVSS:7.3
Zoom for Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-34121 CVSS:4.1
Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-34120 CVSS:8.7
Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-34115 CVSS:4
Zoom Meeting SDK is vulnerable to a denial of service, caused by buffer copy without checking size of input. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-34114 CVSS:6.5
Zoom for Windows and Zoom for MacOS clients could allow a remote attacker to obtain sensitive information, caused by exposure of resource to wrong sphere. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-34113 CVSS:8
Zoom for Windows clients could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficient verification of data authenticity. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Denial of Service
- Cross-Site Scripting
- Security Bypass
- Denial of Service
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-28598
- CVE-2023-28599
- CVE-2023-28600
- CVE-2023-28601
- CVE-2023-28602
- CVE-2023-28603
- CVE-2023-34122
- CVE-2023-34121
- CVE-2023-34120
- CVE-2023-34115
- CVE-2023-34114
- CVE-2023-34113
Affected Vendors
Zoom
Affected Products
- Zoom Meeting SDK 5.12.0
- Zoom Rooms for Windows 5.13.0
- Zoom VDI Windows Meeting clients 5.13.0
- Zoom for MacOSclients 5.13.0
- Zoom Rooms (for Android
- iOS
- Linux
- macOS
- and Windows) clients 5.13.4
- Zoom for Linux clients 5.13.9
- Zoom Rooms for Windows clients 5.13.2
Remediation
Refer to Zoom Security Bulletin for patch, upgrade or suggested workaround information.