CVE-2023-43582: 
NixOS vulnerability analysis and mitigation

CVE-2023-43582 is a vulnerability discovered in Zoom clients that involves improper authorization, potentially allowing an authorized user to conduct an escalation of privilege through network access. The vulnerability was disclosed on November 14, 2023, affecting multiple Zoom client versions across various platforms including Android, iOS, Linux, macOS, and Windows, as well as Zoom Rooms and Virtual Desktop Infrastructure installations prior to version 5.16.0 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST, with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network-based attack vector, low attack complexity, low privileges required, and no user interaction needed. However, Zoom's own assessment rated it as medium severity with a CVSS score of 5.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L). The vulnerability is classified under CWE-287 (Improper Authentication) and CWE-939 (Improper Authorization in Handler for Custom URL Scheme) (NVD).

If exploited, this vulnerability could lead to high impacts on confidentiality, integrity, and availability of the affected systems, as indicated by the CVSS metrics. The successful exploitation could allow an authorized user to elevate their privileges through network access, potentially compromising system security (NVD).

The vulnerability has been addressed in Zoom client version 5.16.0 and later releases. Users are recommended to update to the latest version of Zoom software to receive the security fixes. This applies to all affected platforms including Android, iOS, Linux, macOS, Windows, Zoom Rooms, and Virtual Desktop Infrastructure installations (Zoom Advisory).