Login Sign Up

CVE-2023-36534

9.3 CRITICAL
Path Traversal

📋 TL;DR

A path traversal vulnerability in Zoom Desktop Client for Windows allows unauthenticated attackers to escalate privileges via network access. This affects Windows users running Zoom versions before 5.14.7, potentially enabling attackers to execute arbitrary code with elevated permissions.

💻 Affected Systems

Products:
  • Zoom Desktop Client
Versions: All versions before 5.14.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows version of Zoom Desktop Client. Zoom Rooms, mobile apps, and web client are not affected.

📦 What is this software?

Zoom by Zoom

View all CVEs affecting Zoom →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via remote code execution with SYSTEM/administrator privileges, leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain administrative access to the Windows system, install malware, or access sensitive files.

🟢

If Mitigated

Limited impact with proper network segmentation and endpoint protection blocking malicious traffic.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely without authentication via network access.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CWE-22 path traversal vulnerabilities typically have low exploitation complexity. The advisory states unauthenticated exploitation is possible via network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.14.7 or later

Vendor Advisory: https://explore.zoom.us/en/trust/security/security-bulletin/

Restart Required: Yes

Instructions:

1. Open Zoom Desktop Client. 2. Click profile picture → Check for Updates. 3. Install version 5.14.7 or newer. 4. Restart Zoom and computer if prompted.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict Zoom client network access to only necessary Zoom services using firewall rules.

Disable Automatic Updates Check

windows

Temporarily disable Zoom's ability to check for updates from network to prevent exploitation vector.

Navigate to Zoom settings → General → Uncheck 'Automatically keep Zoom updated'

🧯 If You Can't Patch

  • Uninstall Zoom Desktop Client and use web client version instead
  • Implement application whitelisting to prevent unauthorized process execution

🔍 How to Verify

Check if Vulnerable:

Check Zoom version in Settings → About Zoom. If version is below 5.14.7, system is vulnerable.

Check Version:

wmic product where name="Zoom" get version

Verify Fix Applied:

Confirm Zoom version is 5.14.7 or higher in Settings → About Zoom.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Zoom process spawning with elevated privileges
  • Zoom accessing unexpected file system locations

Network Indicators:

  • Unusual network connections from Zoom process to non-Zoom domains/IPs
  • Zoom process making unexpected HTTP requests

SIEM Query:

process_name="Zoom.exe" AND (parent_process!="explorer.exe" OR integrity_level="System")

📊 Metadata

CVE ID: CVE-2023-36534
CVSS v3 Score: 9.3 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
CWE: CWE-22
Published: August 8, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-36534, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)