CVE-2023-28597

8.3 HIGH

📋 TL;DR

Zoom clients before version 5.13.5 contain a flaw in how recordings saved to an SMB location are opened: when the victim later opens such a recording through a link from Zoom's web portal, an attacker on an adjacent network who controls a malicious SMB server can answer the client's requests. This can lead to code execution on the victim's device and affects every Zoom user who saves recordings to network shares.

💻 Affected Systems

Products:
  • Zoom Client
Versions: All versions prior to 5.13.5
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires victim to save recording to SMB location and later open via Zoom web portal link.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise, with the attacker gaining complete control over the victim's device, exfiltrating data, and establishing persistent access.

🟠 Likely Case: The attacker executes arbitrary code with the user's privileges, potentially installing malware, stealing credentials, or accessing sensitive files.

🟢 If Mitigated: No impact once Zoom is updated to a patched version or workarounds preventing SMB recording access are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the attacker to be on the same network segment as the victim and requires user interaction (the victim opening the recording link).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.13.5 and later

Vendor Advisory: https://explore.zoom.us/en/trust/security/security-bulletin/

Restart Required: Yes

Instructions:

1. Open the Zoom client.
2. Click the profile icon → Check for Updates.
3. Install version 5.13.5 or newer.
4. Restart the Zoom client.

🔧 Temporary Workarounds

Disable SMB recording access
  Platforms: all
  Purpose: Prevent Zoom from accessing recordings via the SMB protocol
  Command: Not applicable - configuration change only

Network segmentation
  Platforms: all
  Purpose: Isolate Zoom clients from potential malicious SMB servers
  Command: Configure firewall rules to block SMB traffic (ports 139/445) between Zoom clients and untrusted networks

🧯 If You Can't Patch

  • Do not save Zoom recordings to SMB network locations
  • Use VPN when accessing Zoom recordings from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check Zoom client version in Settings → About

Check Version:

  • On Windows: zoom.exe --version
  • On macOS: read the version from /Applications/zoom.us.app/Contents/Info.plist
  • On Linux: dpkg -l | grep zoom

Verify Fix Applied:

Confirm version is 5.13.5 or higher
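The comparison above is easy to get wrong when done on strings (lexicographically, "5.13.10" sorts before "5.13.5"). The following Python snippet is an added example, not part of the advisory or of any Zoom tooling: it parses a version string numerically, decides whether it is below the 5.13.5 fix threshold, and pulls the version out of a constructed `dpkg -l | grep zoom` line. The package name `zoom` and the dpkg output line are assumptions for illustration.

```python
import re

# Minimum fixed version named in the advisory.
PATCHED_VERSION = "5.13.5"


def parse_version(text):
    """Turn '5.13.3' or '5.13.5.1234' into a tuple of ints so that the
    comparison is numeric (5.13.10 > 5.13.5), not lexicographic.
    Only major.minor.patch decide fix status; a trailing build number is ignored."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    if len(parts) < 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(parts[:3])


def is_vulnerable(version):
    """True when the client version is below 5.13.5."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


def version_from_dpkg(output):
    """Extract the zoom package version from `dpkg -l | grep zoom` output.
    dpkg -l columns are: status, name, version, architecture, description.
    Returns None when no installed zoom package line is present."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] in ("ii", "hi") and fields[1] == "zoom":
            return fields[2]
    return None


# Constructed dpkg -l line for illustration; not output captured from a real host.
SAMPLE_DPKG = "ii  zoom  5.13.3.1234  amd64  Zoom Video Conferencing Client\n"

if __name__ == "__main__":
    found = version_from_dpkg(SAMPLE_DPKG)
    print(found, "VULNERABLE" if is_vulnerable(found) else "patched")
```

On Windows or macOS, feed the version string obtained from the client's About dialog or Info.plist straight into `is_vulnerable`.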

📡 Detection & Monitoring

Log Indicators:

  • Unusual SMB connections from Zoom process
  • Zoom accessing unexpected network shares

Network Indicators:

  • SMB traffic from Zoom clients to unknown IPs
  • Unexpected SMB server responses

SIEM Query:

process_name="zoom.exe" AND dest_port IN (139, 445)
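The same logic, carried a step further than the one-line query, can be run over endpoint network logs to separate expected share traffic from the "SMB traffic to unknown IPs" indicator listed above. This Python snippet is an added example, not part of the advisory or of any SIEM product: it parses constructed key=value log lines, keeps only Zoom processes talking to ports 139/445, and rates the event high when the destination is outside an assumed allowlist of known file servers. The process names, the 10.0.5.0/24 allowlist and the log lines are all assumptions for illustration.

```python
from ipaddress import ip_address, ip_network

SMB_PORTS = {139, 445}
# Assumed Zoom process names on Windows, macOS and Linux.
ZOOM_PROCESSES = {"zoom.exe", "zoom.us", "zoom"}
# Assumed allowlist: the file servers where recordings are legitimately stored.
KNOWN_SHARES = [ip_network("10.0.5.0/24")]


def parse_kv_line(line):
    """Parse a 'key=value key="quoted value"' log line (constructed format) into a dict."""
    record = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            record[key] = value.strip('"')
    return record


def find_suspicious_smb(lines):
    """Return one alert per Zoom-to-SMB connection; severity depends on the destination."""
    alerts = []
    for line in lines:
        rec = parse_kv_line(line)
        try:
            port = int(rec["dest_port"])
            dest = ip_address(rec["dest_ip"])
        except (KeyError, ValueError):
            continue  # malformed line: skip it rather than abort the whole run
        if rec.get("process_name", "").lower() not in ZOOM_PROCESSES:
            continue
        if port not in SMB_PORTS:
            continue
        known = any(dest in net for net in KNOWN_SHARES)
        alerts.append({
            "host": rec.get("host", "?"),
            "dest": str(dest),
            "port": port,
            # Known share: worth a look but expected. Unknown host answering SMB: investigate.
            "severity": "low" if known else "high",
        })
    return alerts


# Constructed log lines for illustration; not captured from any real environment.
SAMPLE_LOGS = [
    'host=ws01 process_name="zoom.exe" dest_ip=10.0.5.20 dest_port=445',
    'host=ws02 process_name="zoom.exe" dest_ip=192.168.88.7 dest_port=445',
    'host=ws03 process_name="chrome.exe" dest_ip=192.168.88.7 dest_port=445',
    'host=ws04 process_name="zoom.exe" dest_ip=10.0.5.20 dest_port=443',
    'host=ws05 process_name="zoom.exe" dest_ip=not-an-ip dest_port=445',
]

if __name__ == "__main__":
    for alert in find_suspicious_smb(SAMPLE_LOGS):
        print(alert)
```

Only the second line produces a high-severity alert: a Zoom process reaching an SMB port on a host that is not a sanctioned share, which is exactly the traffic pattern the advisory describes.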
