First published: Fri Apr 03 2020(Updated: )
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zoom Meetings | <=4.6.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Zoom security issue is CVE-2020-11500.
CVE-2020-11500 has a severity rating of 7.5 (high).
CVE-2020-11500 is a vulnerability in Zoom Client for Meetings through version 4.6.9 which uses the ECB mode of AES for video and audio encryption, making it less secure.
Zoom Meetings version 4.6.9 and below are affected by CVE-2020-11500.
To fix CVE-2020-11500, you should update Zoom Client for Meetings to a version above 4.6.9 that does not use ECB mode for encryption, and enforce strong encryption protocols.