CVE-2023-49647: 
NixOS vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2023-49647) was discovered in multiple Zoom Windows products, including Desktop Client, VDI Client, and SDKs, affecting versions before 5.16.10. The vulnerability was discovered by security researcher sim0nsecurity and publicly disclosed in January 2024 (Zoom Advisory, Security Online).

The vulnerability is characterized by improper access control mechanisms and has received a CVSS v3.1 base score of 8.8 (High), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. The vulnerability affects multiple Zoom products including the Desktop Client for Windows, VDI Client for Windows, and both Video and Meeting SDKs for Windows in versions prior to 5.16.10 (NVD).

The vulnerability could allow an authenticated user with local access to perform privilege escalation, potentially compromising the confidentiality, integrity, and availability of the affected system. This could lead to unauthorized actions and access within the system, posing a serious threat to the security of Zoom sessions and user data (Security Online).

Users are advised to update their Zoom software to version 5.16.10 or later to address this vulnerability. The fix has been implemented in the latest versions of all affected products. Updates can be downloaded from Zoom's official download page (Zoom Advisory).