CVE-2019-13567
Description
The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or cant be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.509
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-11443,CVE-2019-13567 are fixed in Zoom (x64) (5.15.7.20303) | Windows |
| Vulnerabilities CVE-2020-11443,CVE-2019-13567 are fixed in Zoom (5.15.7.20303) | Windows |
| Vulnerabilities CVE-2019-13567 are fixed in Zoom for MAC 4.6.10 | Mac |
| Vulnerabilities CVE-2019-13567 are affected in Zoom for MAC (Apple Silicon) 4.4.53909.0617 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-332244 | Zoom (x64) (5.15.7.20303) |
| PATCH-332243 | Zoom (5.15.7.20303) |
| PATCH-611908 | Zoom IT for MAC (Intel) (6.5.12.63499) |
| PATCH-611910 | Zoom IT for MAC (Apple Silicon) (6.5.12.63499) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234