PT-2020-12911 · Zoom · Zoom Client For Meetings
Published: 2020-04-17 · Updated: 2024-08-04
CVE-2020-11877
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zoom Client for Meetings version 4.6.11
Description
The issue concerns the use of a static Initialization Vector (IV) for AES-256 CBC encryption in the airhost.exe component. Specifically, the IV used is 3423423432325249. The vendor notes that this IV is utilized within unreachable code.
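Why a fixed IV matters in CBC mode, as an added example that is not Zoom's code: with one key and one IV, messages that share leading plaintext blocks produce identical leading ciphertext blocks, while a fresh random IV per message removes the correlation. Assumptions: a small Feistel permutation stands in for AES-256 so the block runs on the standard library alone, and the key, header and messages are constructed samples.

```python
import hashlib, hmac, os

BLOCK = 16
STATIC_IV = b"3423423432325249"  # the 16-byte IV quoted in the description

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Assumption: 4-round Feistel permutation standing in for AES-256 (NOT AES)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Textbook CBC with PKCS#7 padding: C_i = E(P_i XOR C_{i-1}), C_0 = IV."""
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, b""
    for off in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[off:off + BLOCK], prev))
        prev = toy_block_encrypt(key, mixed)
        out += prev
    return out

def encrypt_static_iv(key: bytes, plaintext: bytes) -> bytes:
    """The weak pattern: every message starts the chain from the same IV."""
    return cbc_encrypt(key, STATIC_IV, plaintext)

def encrypt_random_iv(key: bytes, plaintext: bytes) -> bytes:
    """The corrected pattern: fresh unpredictable IV per message, sent with it."""
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, plaintext)

def shared_leading_blocks(c1: bytes, c2: bytes) -> int:
    """Number of identical leading 16-byte blocks in two ciphertexts."""
    n = 0
    while c1[n * BLOCK:(n + 1) * BLOCK] == c2[n * BLOCK:(n + 1) * BLOCK] != b"":
        n += 1
    return n

# Constructed sample: two messages that share a 32-byte (two-block) header.
KEY = hashlib.sha256(b"constructed demo key").digest()
HEADER = b"constructed-header-32-bytes-long"
MSG_A, MSG_B = HEADER + b"meeting-id=1111", HEADER + b"meeting-id=2222"

if __name__ == "__main__":
    for name, enc in (("static IV", encrypt_static_iv), ("random IV", encrypt_random_iv)):
        print(name, shared_leading_blocks(enc(KEY, MSG_A), enc(KEY, MSG_B)))
```

The equal-prefix property comes from the CBC chaining itself, so it holds for any block cipher used this way, AES included.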
Recommendations
For Zoom Client for Meetings version 4.6.11, consider updating to a newer version that addresses this issue, as the static IV could potentially be exploited if the code becomes reachable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use of Insufficiently Random Values
Weakness Enumeration
Related Identifiers
Affected Products
Zoom Client For Meetings