CVE-2023-39213

9.6 CRITICAL

📋 TL;DR

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before version 5.15.2 may allow an unauthenticated attacker with network access to escalate privileges on the endpoint. Every Windows Desktop Client and VDI Client below 5.15.2 is affected; the fix is to update to 5.15.2 or later.

💻 Affected Systems

Products:
  • Zoom Desktop Client for Windows
  • Zoom VDI Client
Versions: All versions before 5.15.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only the Windows builds of the Desktop Client are affected; the VDI Client (the build used inside virtual desktop deployments) is listed separately in the advisory and is affected too. macOS, Linux and mobile clients are not in the scope of this advisory.

📦 What is this software?

Zoom Desktop Client is Zoom's video-conferencing application for Windows (meetings, webinars, chat, phone). Zoom VDI Client is the variant installed inside virtual desktop environments such as Citrix or VMware Horizon sessions, where it works together with a plugin on the thin client so that audio and video are offloaded from the virtual desktop. Both run under the logged-on user's account, which is why a privilege escalation in them matters on shared and enterprise endpoints.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An unauthenticated remote attacker could gain elevated privileges on an affected Windows endpoint. The advisory says only "escalation of privilege" and does not name the level reached; because the client runs as the logged-on user, the worst plausible outcome is full compromise of that endpoint and of whatever the user's account can reach.

🟠

Likely Case

Attackers could gain elevated privileges on Zoom client systems, potentially installing malware, stealing credentials, or pivoting to other network resources.

🟢

If Mitigated

With proper network segmentation and endpoint protection, impact could be limited to isolated systems without lateral movement capabilities.

🌐 Internet-Facing: HIGH - The attacker needs no credentials, and Zoom clients are endpoint applications that connect to the internet as a matter of course, so treat every unpatched client that joins meetings or accepts content from outside the organisation as exposed; "internet-facing" here is not limited to servers with open ports.
🏢 Internal Only: MEDIUM - Clients restricted to internal meetings can still be reached by an attacker who already has a foothold on the internal network or a compromised internal account.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory describes the root cause as improper neutralization of special elements; the CVE is tagged CWE-176, which in the CWE catalogue is Improper Handling of Unicode Encoding, not improper neutralization. Neither classification says how easy the bug is to trigger. The LOW complexity above mirrors the CVSS vector rather than any known exploit: a 9.6 with network access, low complexity and no privileges required corresponds to a scope-changed vector with user interaction required, so expect the trigger to involve a victim acting on attacker-supplied content rather than an unattended listening service. With no public proof of concept, there is no exploit to test detections against.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.15.2 and later

Vendor Advisory: https://explore.zoom.us/en/trust/security/security-bulletin/

Restart Required: Yes

Instructions:

1. Open the Zoom client.
2. Click the profile picture.
3. Select 'Check for Updates'.
4. Install version 5.15.2 or later.
5. Restart the Zoom client.

For the VDI Client, which is typically deployed centrally, use your normal software deployment process to push 5.15.2 or later.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Zoom clients using firewall rules to limit exposure.

Disable Unnecessary Features

windows

Disable Zoom features not required for business use to reduce attack surface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Zoom clients from critical systems
  • Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Zoom client version in Settings > About. If version is below 5.15.2, system is vulnerable.

Check Version:

wmic product where "name like 'Zoom%'" get name,version

This only lists Windows Installer (MSI) products, so it misses the per-user EXE install that the Desktop Client uses by default, and enumerating Win32_Product triggers a consistency check of every installed MSI package. wmic is also deprecated on current Windows builds. Prefer the file version of Zoom.exe or the Uninstall registry keys.

Verify Fix Applied:

Confirm Zoom client version is 5.15.2 or higher in Settings > About.
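The check above in script form, as an added example (not Zoom's tooling and not from the original page): it enumerates Zoom installs from the per-machine and per-user Uninstall registry keys and from the file version of Zoom.exe, then compares each against 5.15.2. The install paths are the usual Zoom locations and are assumptions; the VDI Client path in particular is a guess and is labelled as such.

```powershell
# Added example: not Zoom's tooling. Enumerates installed Zoom clients on this host
# and compares each version with the fixed release 5.15.2.
# Assumptions: the file paths below are the usual Zoom install locations; the
# ZoomVDI path is a guess. Registry enumeration does not depend on them.

$script:FixedVersion = [version]'5.15.2'

function Test-ZoomVersion {
    # Returns FIXED, VULNERABLE or UNPARSEABLE for a version string such as "5.15.2.19773".
    param([Parameter(Mandatory)][string]$VersionString)
    try { $v = [version]$VersionString } catch { return 'UNPARSEABLE' }
    # [version]'5.15.2' has Revision -1, so any 5.15.2.x build compares as newer than it.
    if ($v -ge $script:FixedVersion) { 'FIXED' } else { 'VULNERABLE' }
}

function Get-ZoomInstall {
    # Collects candidates from the Uninstall keys (per-machine, 32-bit view, per-user)
    # and from Zoom.exe itself, which also covers EXE installs that never register
    # a Win32_Product entry.
    $results = @()

    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Zoom*' -and $_.DisplayVersion }
    foreach ($e in $entries) {
        $results += [pscustomobject]@{
            Source  = 'Registry'
            Name    = $e.DisplayName
            Version = $e.DisplayVersion
            Status  = Test-ZoomVersion $e.DisplayVersion
        }
    }

    $exePaths = @(
        "$env:APPDATA\Zoom\bin\Zoom.exe"                  # per-user Desktop Client (default installer)
        "$env:ProgramFiles\Zoom\bin\Zoom.exe"             # per-machine MSI install
        "${env:ProgramFiles(x86)}\Zoom\bin\Zoom.exe"
        "${env:ProgramFiles(x86)}\ZoomVDI\bin\Zoom.exe"   # assumption: VDI Client location
    )
    foreach ($p in $exePaths) {
        if (Test-Path -LiteralPath $p) {
            $fv = (Get-Item -LiteralPath $p).VersionInfo.FileVersion
            $results += [pscustomobject]@{
                Source  = 'File'
                Name    = $p
                Version = $fv
                Status  = Test-ZoomVersion $fv
            }
        }
    }
    return $results
}

$installs = Get-ZoomInstall
if (-not $installs) {
    Write-Output 'No Zoom client found on this host.'
} else {
    $installs | Format-Table -AutoSize
    # Non-zero exit so fleet tooling (Intune, SCCM, RMM) can flag the host.
    if ($installs.Status -contains 'VULNERABLE') { exit 1 }
}
```

Run it per user as well as per machine: the default Desktop Client lives under the user's profile and is only visible in HKCU and %APPDATA% for that account, so a check run from a system context will report per-machine installs only.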

📡 Detection & Monitoring

Log Indicators:

  • Zoom.exe spawning command interpreters, script hosts or installers, especially with a full (elevated) token
  • New services, scheduled tasks or other persistence created shortly after Zoom activity on the host

Network Indicators:

  • Zoom client processes connecting to destinations outside Zoom's published service address ranges
  • No public exploit exists, so there are no traffic signatures to match; alert on anomalies in client traffic rather than on signatures

SIEM Query:

EventID=4688 AND ParentProcessName LIKE '%\Zoom.exe' AND (NewProcessName LIKE '%\cmd.exe' OR NewProcessName LIKE '%\powershell.exe')

Two fixes against the naive form of this query: the OR must be parenthesised, otherwise it fires on every PowerShell launch regardless of parent, and the field that identifies the spawning process in event 4688 is the parent ("Creator Process Name", ParentProcessName in most SIEM schemas), not the new process name. Audit Process Creation must be enabled for 4688 to exist at all; enable command-line auditing as well if you want the CommandLine field populated.
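The same detection logic runnable on an endpoint, as an added example (not from the original page and not Zoom's code): it reads Security event 4688, extracts the named EventData fields from the record's XML, and flags shells whose parent is Zoom.exe, noting whether the child got a full (elevated) token. The list of interpreter names is a starting point, and the sample records at the bottom are constructed, not real telemetry.

```powershell
# Added example: not from the page or from Zoom. Hunts Security event 4688
# (Audit Process Creation must be enabled) for interpreters spawned by Zoom.exe.
# Field names are the EventData names in the 4688 schema; TokenElevationType
# "%%1937" means the process received a full (elevated) token.

$ShellNames = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe',
                'cscript.exe', 'mshta.exe', 'rundll32.exe')

function Test-ZoomSpawnedShell {
    # Pure decision logic so it can be exercised without an event log.
    # True when the parent is Zoom.exe AND the child is one of $ShellNames.
    param(
        [Parameter(Mandatory)][string]$ParentProcessName,
        [Parameter(Mandatory)][string]$NewProcessName
    )
    $parent = [System.IO.Path]::GetFileName($ParentProcessName)
    $child  = [System.IO.Path]::GetFileName($NewProcessName).ToLowerInvariant()
    return ($parent -ieq 'Zoom.exe') -and ($ShellNames -contains $child)
}

function ConvertFrom-Event4688 {
    # Reads EventData by name from the record XML; more robust than positional
    # $Record.Properties[n] indexing, which differs between Windows builds.
    param([Parameter(Mandatory)][System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $xml = [xml]$Record.ToXml()
    $d = @{}
    foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
    [pscustomobject]@{
        Time               = $Record.TimeCreated
        User               = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
        ParentProcessName  = $d.ParentProcessName
        NewProcessName     = $d.NewProcessName
        CommandLine        = $d.CommandLine        # empty unless command-line auditing is on
        TokenElevationType = $d.TokenElevationType # %%1936 default, %%1937 full, %%1938 limited
    }
}

function Get-ZoomSpawnedShell {
    # Live hunt over the Security log; needs an elevated session to read it.
    param([datetime]$Since = (Get-Date).AddDays(-7))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-Event4688 $_ } |
        Where-Object { $_.ParentProcessName -and (Test-ZoomSpawnedShell $_.ParentProcessName $_.NewProcessName) } |
        Select-Object Time, User, ParentProcessName, NewProcessName, CommandLine,
            @{ n = 'Elevated'; e = { $_.TokenElevationType -eq '%%1937' } }
}

# Constructed sample pairs (not real telemetry) showing the decision logic offline.
$samples = @(
    @{ Parent = 'C:\Users\alice\AppData\Roaming\Zoom\bin\Zoom.exe'; Child = 'C:\Windows\System32\cmd.exe' }                            # match
    @{ Parent = 'C:\Users\alice\AppData\Roaming\Zoom\bin\Zoom.exe'; Child = 'C:\Users\alice\AppData\Roaming\Zoom\bin\Zoom.exe' }       # Zoom's own child, no match
    @{ Parent = 'C:\Windows\explorer.exe';                           Child = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' } # shell, wrong parent, no match
)
foreach ($s in $samples) {
    '{0,-5} {1} -> {2}' -f (Test-ZoomSpawnedShell $s.Parent $s.Child), $s.Parent, $s.Child
}

# Live hunt, run from an elevated prompt:
# Get-ZoomSpawnedShell | Format-Table -AutoSize
```

The parent check is what keeps the rule quiet: an unparenthesised `... OR NewProcessName LIKE '%powershell%'` matches every admin script on the host, while requiring Zoom.exe as parent narrows it to behaviour the client has no business exhibiting. Treat an `Elevated` of True as high priority, since the advisory's impact is privilege escalation.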

🔗 References

  • Zoom Security Bulletin: https://explore.zoom.us/en/trust/security/security-bulletin/
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-39213
