CVE-2023-34118: 
Zoom Rooms vulnerability analysis and mitigation

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 was identified as a high-severity vulnerability (CVE-2023-34118). This security flaw allows an authenticated user to enable an escalation of privilege through local access (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Zoom Video Communications assessed it with a slightly lower CVSS score of 7.3 (High) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L. The vulnerability is related to CWE-250 (Execution with Unnecessary Privileges) (NVD).

If exploited, this vulnerability could allow an authenticated user with local access to escalate their privileges on the affected system, potentially gaining unauthorized access to sensitive system resources and data (SOCRadar).

The vulnerability has been patched in Zoom Rooms for Windows version 5.14.5. Users are strongly advised to update their Zoom Rooms software to this version or later to mitigate the risk. The update can be obtained from the official Zoom download page (Security Online).