CVE-2020-11500
HIGHZoom Meetings < 4.6.9 - Use of ECB Mode in AES Encryption
Title source: llmDescription
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Press/Media Coverage, Third Party Advisory x_refsource_misc
https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/
Scores
CVSS v3
7.5
EPSS
0.0014
EPSS Percentile
32.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (1)
zoom/meetings
< 4.6.9
Published
Apr 03, 2020
Tracked Since
Feb 18, 2026