cvedb.io
CVE-2023-28597
HIGH · CVSS 8.3
EPSS exploitation probability: 0%
Published 2023-03-27T21:15:12.260 · Last modified 2026-06-17T05:48:20.737

Summary

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.

Affected products

zoom — rooms

Does this affect you?

Add your gear to cvedb and we'll alert you only when zoom ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.