Main Vulnerability Database SB2020042127

SB2020042127 - Multiple vulnerabilities in Zoom Client for Meetings

Published: April 21, 2020 Updated: June 30, 2020

Security Bulletin ID SB2020042127

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Security Features (CVE-ID: CVE-2020-11876)

This vulnerability allows a remote attacker to bypass security rescritions feature.

The vulnerability exists due to the "airhost.exe" uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. A remote attacker can gain unauthorized access to the application.

2) Security Features (CVE-ID: CVE-2020-11877)

This vulnerability allows a remote attacker to bypass security rescritions feature.

The vulnerability exists due to the "airhost.exe" uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. A remote attacker can gain unauthorized access to the application.

Remediation

Install update from vendor's website.

References

https://dev.io/posts/zoomzoo/