PT-2020-6094 · Zoom Client for Meetings · OpenSSL

Published

2020-04-17

·

Updated

2024-08-04

·

CVE-2020-11876

CVSS v3.1

7.5

High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings version 4.6.11
Description: The airhost.exe executable in Zoom Client for Meetings 4.6.11 initializes an OpenSSL EVP AES-256-CBC context with a key that is the SHA-256 hash of a fixed string embedded in the executable. Because the key is derived entirely from a constant, it is the same in every installation and can be recovered by anyone who has a copy of the binary. A remote attacker who obtains data encrypted under that context can therefore decrypt it without any further secret. The impact is limited to confidentiality (C:H/I:N/A:N in the vector above): the hardcoded key by itself does not let the attacker modify data or disrupt the client.
Recommendations: Update Zoom Client for Meetings to the latest release available from the vendor; version 4.6.11 is affected. Until the client is updated, treat any data that airhost.exe protects with this context as readable by anyone who can obtain it: restrict local and network access to the component, and disable airhost.exe where that is operationally acceptable, as a temporary workaround. For developers, the underlying fix is to stop deriving keys from constants compiled into the binary: generate keys with a cryptographically secure random source or derive them from a per-user secret, and keep them in an OS-protected store rather than in code.
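The following is an added example, not code from Zoom or OpenSSL, written in Go to show the key-derivation pattern the description attributes to airhost.exe beside the hardened form the recommendations call for. Go's standard library stands in for OpenSSL's EVP AES-256-CBC API; the constant, the function names and the sample plaintext are placeholders chosen for this example and are not values from the binary.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// hardcodedSeed stands in for the fixed string the advisory says airhost.exe
// hashes to build its key; this placeholder is NOT the string in the binary.
const hardcodedSeed = "placeholder-constant-baked-into-the-binary"

// weakKey reproduces the vulnerable pattern: key = SHA-256(constant), so the
// key is identical in every installation and anyone who reads the binary has it.
func weakKey() []byte {
	sum := sha256.Sum256([]byte(hardcodedSeed))
	return sum[:]
}

// strongKey is the hardened alternative: a fresh 256-bit key from the OS CSPRNG,
// to be kept in a per-user protected store rather than in code.
func strongKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// pkcs7Pad / pkcs7Unpad implement the padding EVP_aes_256_cbc applies by default.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// encryptCBC mirrors EVP_EncryptInit_ex(EVP_aes_256_cbc) + Update/Final:
// a random IV is prepended to the padded ciphertext.
func encryptCBC(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(append([]byte(nil), plaintext...))
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return append(iv, ct...), nil
}

// decryptCBC is the inverse; a wrong key normally surfaces as a padding error
// (about 1 time in 256 it yields garbage that happens to pass the padding check).
func decryptCBC(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	pt := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(pt, blob[aes.BlockSize:])
	return pkcs7Unpad(pt)
}

// attackerRecover plays a remote attacker holding only the ciphertext and the
// constant from the binary: no further secret is needed.
func attackerRecover(blob []byte) ([]byte, error) {
	return decryptCBC(weakKey(), blob)
}

func main() {
	secret := []byte("data protected at rest by the client") // constructed sample
	blob, _ := encryptCBC(weakKey(), secret)
	got, err := attackerRecover(blob)
	fmt.Printf("hardcoded key: attacker recovers %q, err=%v\n", got, err)
	k, _ := strongKey()
	blob2, _ := encryptCBC(k, secret)
	got, err = attackerRecover(blob2)
	fmt.Printf("random key: attacker gets %q, err=%v\n", got, err)
}
```

Run it with `go run`. The point to notice is that attackerRecover takes no input other than the ciphertext: with the vulnerable pattern, confidentiality rests entirely on a value shipped in the executable, which is why the advisory scores it as a remote, unauthenticated confidentiality loss. CBC with PKCS#7 padding is used here to match the context named in the description; a new design should also authenticate the ciphertext (an AEAD mode), which replacing the hardcoded key alone does not provide.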

Exploit

Fix

Weakness Enumeration

CWE-798: Use of Hard-coded Credentials
CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Related Identifiers

BDU:2021-02997
CVE-2020-11876

Affected Products

OpenSSL
Zoom Client for Meetings