CVE-2023-36539

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://explore.zoom.us/en/trust/security/security-bulletin/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zoom:meetings:5.15.0:::::android::
	cpe:2.3:a:zoom:meetings:5.15.0:::::iphone_os::
	cpe:2.3:a:zoom:meetings:5.15.0:::::macos::
	cpe:2.3:a:zoom:meetings:5.15.1:::::windows::
	cpe:2.3:a:zoom:rooms:5.15.0:::::ipad_os::
	cpe:2.3:a:zoom:rooms:5.15.0:::::macos::
	cpe:2.3:a:zoom:rooms:5.15.0:::::windows::
	cpe:2.3:a:zoom:video_software_development_kit:1.8.0:::::::*
	cpe:2.3:a:zoom:zoom:5.15.0:::::android::
	cpe:2.3:a:zoom:zoom:5.15.0:::::iphone_os::
	cpe:2.3:a:zoom:zoom:5.15.0:::::linux::
	cpe:2.3:a:zoom:zoom:5.15.0:::::macos::
	cpe:2.3:a:zoom:zoom:5.15.0:::::windows::
	cpe:2.3:a:zoom:zoom:5.15.1:::::windows::

Configuration 2 (hide)

AND

cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:*:*:*:*:*:*:*

cpe:2.3:h:zoom:poly_ccx_700:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:*:*:*:*:*:*:*

cpe:2.3:h:zoom:poly_ccx_600:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:*:*:*:*:*:*:*

cpe:2.3:h:zoom:yealink_vp59:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:*:*:*:*:*:*:*

cpe:2.3:h:zoom:yealink_mp54:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:*:*:*:*:*:*:*

cpe:2.3:h:zoom:yealink_mp56:-:*:*:*:*:*:*:*

History

10 Jul 2023, 13:29

Type	Values Removed	Values Added
First Time		Zoom video Software Development Kit Zoom poly Ccx 600 Zoom poly Ccx 600 Firmware Zoom yealink Mp54 Firmware Zoom yealink Mp56 Firmware Zoom yealink Vp59 Firmware Zoom meetings Zoom rooms Zoom yealink Mp56 Zoom zoom Zoom poly Ccx 700 Zoom poly Ccx 700 Firmware Zoom yealink Mp54 Zoom Zoom yealink Vp59
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~(MISC) https://explore.zoom.us/en/trust/security/security-bulletin/ -~~	(MISC) https://explore.zoom.us/en/trust/security/security-bulletin/ - Vendor Advisory
CPE		cpe:2.3:o:zoom:poly_ccx_700_firmware:5.15.0:::::::* cpe:2.3:a:zoom:meetings:5.15.0:::::macos:: cpe:2.3:a:zoom:video_software_development_kit:1.8.0:::::::* cpe:2.3:h:zoom:poly_ccx_700:-:::::::* cpe:2.3:a:zoom:meetings:5.15.0:::::iphone_os:: cpe:2.3:a:zoom:rooms:5.15.0:::::macos:: cpe:2.3:a:zoom:zoom:5.15.0:::::linux:: cpe:2.3:o:zoom:poly_ccx_600_firmware:5.15.0:::::::* cpe:2.3:a:zoom:zoom:5.15.0:::::macos:: cpe:2.3:a:zoom:zoom:5.15.0:::::android:: cpe:2.3:a:zoom:zoom:5.15.1:::::windows:: cpe:2.3:a:zoom:zoom:5.15.0:::::iphone_os:: cpe:2.3:a:zoom:rooms:5.15.0:::::ipad_os:: cpe:2.3:a:zoom:meetings:5.15.0:::::android:: cpe:2.3:h:zoom:yealink_mp54:-:::::::* cpe:2.3:o:zoom:yealink_vp59_firmware:5.15.0:::::::* cpe:2.3:a:zoom:meetings:5.15.1:::::windows:: cpe:2.3:h:zoom:yealink_vp59:-:::::::* cpe:2.3:a:zoom:rooms:5.15.0:::::windows:: cpe:2.3:o:zoom:yealink_mp54_firmware:5.15.0:::::::* cpe:2.3:h:zoom:yealink_mp56:-:::::::* cpe:2.3:h:zoom:poly_ccx_600:-:::::::* cpe:2.3:a:zoom:zoom:5.15.0:::::windows:: cpe:2.3:o:zoom:yealink_mp56_firmware:5.15.0:::::::*
CWE		CWE-326

30 Jun 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-06-30 03:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-36539

Mitre link : CVE-2023-36539

CVE.ORG link : CVE-2023-36539

JSON object : View

Products Affected

zoom

rooms
poly_ccx_700
video_software_development_kit
yealink_mp54_firmware
yealink_mp56_firmware
poly_ccx_600_firmware
yealink_vp59_firmware
poly_ccx_600
meetings
poly_ccx_700_firmware
yealink_mp54
yealink_mp56
yealink_vp59
zoom

CWE

CWE-326

Inadequate Encryption Strength

7.5 /10