vulnerability

Zoom Zoom: CVE-2023-28602: Improper Verification of Cryptographic Signature in Zoom Clients

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:M/Au:S/C:N/I:P/A:N)	Jun 13, 2023	Jan 8, 2025	Feb 9, 2026

Severity

CVSS

(AV:L/AC:M/Au:S/C:N/I:P/A:N)

Published

Jun 13, 2023

Added

Jan 8, 2025

Modified

Feb 9, 2026

Description

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions.Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates fromhttps://zoom.us/download.

Solution

zoom-zoom-upgrade-latest

References

CVE-2023-28602
https://attackerkb.com/topics/CVE-2023-28602
URL-https://www.zoom.com/en/trust/security-bulletin/ZSB-23010
CWE-347

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today