CVE-2020-6109: Path Traversal
First published: Mon Jun 08 2020(Updated: )
An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Zoom | =4.6.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-6109?
CVE-2020-6109 is a path traversal vulnerability in the Zoom client version 4.6.10 that allows arbitrary file write and potential code execution.
What is the severity of CVE-2020-6109?
CVE-2020-6109 has a severity rating of 9.8, which is classified as critical.
How does CVE-2020-6109 affect the Zoom client?
CVE-2020-6109 affects the Zoom client version 4.6.10 and allows an attacker to send a specially crafted chat message that triggers the vulnerability.
Is there a fix for CVE-2020-6109?
Currently, there is no known fix or patch for CVE-2020-6109. It is recommended to update the Zoom client to the latest version available.
Where can I find more information about CVE-2020-6109?
More information about CVE-2020-6109 can be found at the following link: [https://talosintelligence.com/vulnerability_reports/TALOS-2020-1055](https://talosintelligence.com/vulnerability_reports/TALOS-2020-1055)
- collector/nvd-index
- vendor/zoom
- canonical/zoom zoom
- version/zoom zoom/4.6.10