CVE-2023-36536: 
Zoom Rooms vulnerability analysis and mitigation

CVE-2023-36536 is a security vulnerability affecting Zoom Rooms for Windows versions prior to 5.15.0. The vulnerability was discovered and disclosed in July 2023, specifically related to an untrusted search path in the installer component. This security flaw affects the Windows platform implementation of Zoom Rooms software (NVD).

The vulnerability is classified as CWE-426 (Untrusted Search Path) with a CVSS v3.1 base score of 7.8 (High) according to NVD's assessment. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity and requiring low privileges. Zoom's own assessment rated it slightly higher at 8.2 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H (NVD).

The vulnerability could allow an authenticated user to escalate privileges through local access to the system. This could potentially lead to unauthorized access to system resources and compromise the security of the affected system (Security Online).

The primary mitigation for this vulnerability is to update Zoom Rooms for Windows to version 5.15.0 or later. Zoom has released patches to address this security issue, and users are strongly recommended to keep their software up to date to receive the latest security improvements (Security Online).