CVE-2023-36539 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Zoom	CNA	5.3 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Vendor	Product	Version
zoom	meetings	5.15.0
zoom	meetings	5.15.1
zoom	rooms	5.15.0
zoom	rooms	5.15.0
zoom	rooms	5.15.0
zoom	video_software_development_kit	1.8.0
zoom	zoom	5.15.0
zoom	zoom	5.15.0
zoom	zoom	5.15.0
zoom	zoom	5.15.1
zoom	poly_ccx_700_firmware	5.15.0
zoom	poly_ccx_600_firmware	5.15.0
zoom	yealink_vp59_firmware	5.15.0
zoom	yealink_mp54_firmware	5.15.0
zoom	yealink_mp56_firmware	5.15.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-326 - Inadequate Encryption Strength
The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References

https://explore.zoom.us/en/trust/security/security-bulletin/

https://explore.zoom.us/en/trust/security/security-bulletin/