Vulnerability Description
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zoom | Meetings | <= 4.6.9 |
Related Weaknesses (CWE)
References
- https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-theExploitThird Party Advisory
- https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-aPress/Media CoverageThird Party Advisory
- https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-theExploitThird Party Advisory
- https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-aPress/Media CoverageThird Party Advisory
FAQ
What is CVE-2020-11500?
CVE-2020-11500 is a vulnerability with a CVSS score of 7.5 (HIGH). Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
How severe is CVE-2020-11500?
CVE-2020-11500 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11500?
Check the references section above for vendor advisories and patch information. Affected products include: Zoom Meetings.