Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Zoom Client <= 4.6.11 Multiple Vulnerabilities (Apr 2020) - Windows
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The Zoom Client is prone to multiple vulnerabilities.
Insight
Insight
The following flaws exist: - CVE-2020-11876: airhost.exe in Zoom Client for Meetings uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code. - CVE-2020-11877: airhost.exe in Zoom Client for Meetings uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code. - No CVE: Usage of the OpenSSL component with known vulnerabilities in zData.dll - No CVE: Concatenation of SQL Statements in zData.dll - No CVE: Potential buffer overflow in Zzhost.dll - No CVE: Windows Registry dump in zCrashReport.exe - No CVE: Screen Capture Function in Crash Reporter in zCrashReport.dll - No CVE: Usage of the curl and libssh2 components with known vulnerabilities in Airhost.exe - No CVE: Usage of the curl component with known vulnerabilities in zWebService.dll and tp.dll - No CVE: Usage of the libjpeg-turbo component with known vulnerabilities in turbojpeg.dll
Affected Software
Affected Software
Zoom Client versions 4.6.11 and prior on Windows.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.