Meetings
CVE-2020-11500
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
AnalysisAI
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-327. Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key. Affected products include: Zoom Meetings. Version information: through 4.6.9.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during install
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC e
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of a
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate informa
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly cons
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via netwo
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before ver
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly pars
Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. Rate
Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. Ra
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today