CVE-2020-11500
First published: Fri Apr 03 2020(Updated: )
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meetings | <=4.6.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Zoom security issue?
The vulnerability ID for this Zoom security issue is CVE-2020-11500.
What is the severity rating of CVE-2020-11500?
CVE-2020-11500 has a severity rating of 7.5 (high).
What is the description of CVE-2020-11500?
CVE-2020-11500 is a vulnerability in Zoom Client for Meetings through version 4.6.9 which uses the ECB mode of AES for video and audio encryption, making it less secure.
Which software versions are affected by CVE-2020-11500?
Zoom Meetings version 4.6.9 and below are affected by CVE-2020-11500.
How can I fix CVE-2020-11500?
To fix CVE-2020-11500, you should update Zoom Client for Meetings to a version above 4.6.9 that does not use ECB mode for encryption, and enforce strong encryption protocols.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/zoom
- canonical/zoom meetings
- version/zoom meetings/4.6.9