Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Medium
CVE-2023-28598 CVSS:7.5
Zoom for Linux clients are vulnerable to a denial of service, caused by an HTML injection vulnerability. By persuading a victim to start a chat with a malicious user, a remote attacker could exploit this vulnerability to cause a Zoom application crash.
CVE-2023-28599 CVSS:3.5
Zoom clients are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-28600 CVSS:5.2
Zoom for MacOS clients could allow a local attacker to bypass security restrictions, caused by an improper access control vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to delete/replace Zoom Client files, potentially causing a loss of integrity and availability to the Zoom Client.
CVE-2023-28601 CVSS:8.3
Zoom for Windows clients could allow a remote attacker to bypass security restrictions, caused by an improper restriction of operations within the bounds of a memory buffer vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to alter a protected Zoom Client memory buffer, potentially causing integrity issues within the Zoom Client.
CVE-2023-28602 CVSS:2.8
Zoom for Windows clients are vulnerable to a denial of service, caused by an improper verification of cryptographic signature vulnerability. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to downgrade Zoom Client components to previous versions.
CVE-2023-28603 CVSS:7.7
The Zoom VDI client installer could allow a local authenticated attacker to bypass security restrictions, caused by an improper access control vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to delete local files without proper permissions.
CVE-2023-34122 CVSS:7.3
Zoom for Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-34121 CVSS:4.1
Zoom for Windows, Zoom Rooms, and Zoom VDI Windows Meeting clients could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-34120 CVSS:8.7
Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-34115 CVSS:4
The Zoom Meeting SDK is vulnerable to a denial of service, caused by a buffer copy without checking the size of input. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-34114 CVSS:6.5
Zoom for Windows and Zoom for MacOS clients could allow a remote attacker to obtain sensitive information, caused by exposure of a resource to the wrong sphere. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-34113 CVSS:8
Zoom for Windows clients could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficient verification of data authenticity. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Zoom
Refer to the Zoom Security Bulletin for patch, upgrade, or suggested workaround information.