CVE-2023-34120: 
Zoom Client vulnerability analysis and mitigation

Improper privilege management vulnerability (CVE-2023-34120) affects Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before version 5.14.0. The vulnerability was discovered and disclosed in June 2023, allowing authenticated users to potentially enable privilege escalation through local access (NVD, CVE).

The vulnerability stems from improper privilege management in the affected Zoom clients, where users could potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges. The vulnerability has received a CVSS v3.1 base score of 7.8 (High) from NIST and 8.7 (High) from Zoom Video Communications, with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could allow authenticated users to gain elevated system privileges through local access, potentially compromising system security by enabling unauthorized access to sensitive system resources and functions (Security Online).

The vulnerability has been fixed in Zoom version 5.14.0 and later releases. Users are recommended to update to the latest version of the Zoom software to receive the security fix (Security Online).