CVE-2023-28597 - OpenCVE

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zoom	Virtual Desktop Infrastructure Rooms Zoom
Microsoft	Windows

Configuration 1 [-]

OR	cpe:2.3:a:zoom:rooms::::::android::*
	cpe:2.3:a:zoom:rooms::::::iphone_os::*
	cpe:2.3:a:zoom:rooms::::::linux_kernel::*
	cpe:2.3:a:zoom:rooms::::::macos::*
	cpe:2.3:a:zoom:rooms::::::windows::*
	cpe:2.3:a:zoom:zoom::::::android::*
	cpe:2.3:a:zoom:zoom::::::iphone_os::*
	cpe:2.3:a:zoom:zoom::::::linux_kernel::*
	cpe:2.3:a:zoom:zoom::::::macos::*
	cpe:2.3:a:zoom:zoom::::::windows::*

Configuration 2 [-]

AND

cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://explore.zoom.us/en/trust/security/security-bulletin/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Zoom

Published: 2023-03-27T00:00:00

Updated: 2023-03-27T00:00:00

Reserved: 2023-03-17T00:00:00

Link: CVE-2023-28597

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-03-27T21:15:12.260

Modified: 2023-04-03T14:22:09.760

Link: CVE-2023-28597

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-28597", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "assignerShortName": "Zoom", "dateUpdated": "2023-03-27T00:00:00", "dateReserved": "2023-03-17T00:00:00", "datePublished": "2023-03-27T00:00:00"}, "containers": {"cna": {"title": "Improper trust boundary implementation for SMB in Zoom Clients", "datePublic": "2023-03-14T00:00:00", "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2023-03-27T00:00:00"}, "descriptions": [{"lang": "en", "value": "Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom\u2019s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution."}], "affected": [{"vendor": "Zoom Video Communications Inc", "product": "Zoom (for Android, iOS, Linux, macOS, and Windows)", "versions": [{"version": "unspecified", "lessThan": "5.13.5", "status": "affected", "versionType": "custom"}]}, {"vendor": "Zoom Video Communications Inc", "product": "Zoom Rooms (for Android, iOS, Linux, macOS, and Windows)", "versions": [{"version": "unspecified", "lessThan": "5.13.5", "status": "affected", "versionType": "custom"}]}, {"vendor": "Zoom Video Communications Inc", "product": "Zoom VDI for Windows", "versions": [{"version": "unspecified", "lessThan": "5.13.10", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-501: Trust Boundary Violation", "cweId": "CWE-501"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "INTERNAL"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*", "matchCriteriaId": "9A22E1F9-8302-4990-8118-4A2D6A38A605", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "2F296A18-F2FE-44F8-A803-F5CEE0FEE3CD", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:linux_kernel:*:*", "matchCriteriaId": "BD7706B3-16ED-44E8-B41C-C55E8C715713", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", "matchCriteriaId": "17083D16-FEE1-4DE4-8EBC-FBCA89AC3DD1", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", "matchCriteriaId": "186D705B-003C-4991-93FC-AA71C1656C68", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*", "matchCriteriaId": "54800A16-98E2-4903-B2B0-D5C66C4AC845", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "35139855-F16B-4149-88EE-05C0C4040C38", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux_kernel:*:*", "matchCriteriaId": "1C4200BC-CF56-4795-80EF-0E4D3A43F883", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*", "matchCriteriaId": "A31F4838-E56D-4C7E-BA09-17E10D54A273", "versionEndExcluding": "5.13.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*", "matchCriteriaId": "DDDF143E-324E-4D0C-83D1-2E66DDE760E2", "versionEndExcluding": "5.13.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FB64BAF-EB86-40B9-A123-7C1C7EFDE5AC", "versionEndExcluding": "5.13.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom\u2019s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution."}], "id": "CVE-2023-28597", "lastModified": "2023-04-03T14:22:09.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "security@zoom.us", "type": "Secondary"}]}, "published": "2023-03-27T21:15:12.260", "references": [{"source": "security@zoom.us", "tags": ["Vendor Advisory"], "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-501"}], "source": "security@zoom.us", "type": "Secondary"}]}