ID KLA11802 Type kaspersky Reporter Kaspersky Lab Modified 2020-06-09T00:00:00
Description
Detect date:
04/03/2020
Severity:
High
Description:
Security vulnerability was found in Zoom. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions.
{"cve": [{"lastseen": "2021-02-02T07:36:56", "description": "Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-03T13:15:00", "title": "CVE-2020-11500", "type": "cve", "cwe": ["CWE-327"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11500"], "modified": "2020-04-07T13:46:00", "cpe": ["cpe:/a:zoom:meetings:4.6.9"], "id": "CVE-2020-11500", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11500", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:zoom:meetings:4.6.9:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-04-15T14:54:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11500"], "description": "The Zoom Client is using insufficient video and audio encryption\n for Meetings.", "modified": "2020-04-14T00:00:00", "published": "2020-04-06T00:00:00", "id": "OPENVAS:1361412562310108741", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108741", "type": "openvas", "title": "Zoom Client Insufficient Video and Audio Encryption - Apr20", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:zoom:zoom\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108741\");\n script_version(\"2020-04-14T06:33:35+0000\");\n script_cve_id(\"CVE-2020-11500\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-14 06:33:35 +0000 (Tue, 14 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-06 08:11:24 +0000 (Mon, 06 Apr 2020)\");\n script_name(\"Zoom Client Insufficient Video and Audio Encryption - Apr20\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_zoom_client_detect_macosx.nasl\", \"gb_zoom_client_detect_win.nasl\");\n script_mandatory_keys(\"zoom/client/detected\");\n\n script_xref(name:\"URL\", value:\"https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/\");\n\n script_tag(name:\"summary\", value:\"The Zoom Client is using insufficient video and audio encryption\n for Meetings.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Zoom Client for Meetings uses the ECB mode of AES for video and audio\n encryption. Within a meeting, all participants use a single 128-bit key.\");\n\n script_tag(name:\"affected\", value:\"All current Zoom Client versions are known to be affected.\");\n\n script_tag(name:\"solution\", value:\"No known solution is available as of 06th April, 2020. Information\n regarding this issue will be updated once solution details are available.\");\n\n script_tag(name:\"solution_type\", value:\"NoneAvailable\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( get_kb_item( \"zoom/client/mac/detected\" ) )\n check = \"4.6.919273.0402\";\nelse if( get_kb_item( \"zoom/client/win/detected\" ) )\n check = \"4.6.919253.0401\";\nelse\n check = \"3.5.374815.0324\"; # nb: No detection for Linux available yet.\n\nif( version_is_less_equal( version:vers, test_version:check ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"None\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-05T15:53:27", "description": "The version of the Zoom Client installed on the remote host is prior to 4.6.10. It is, therefore, affected by a weak\nencryption vulnerability. Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio\nencryption. Within a meeting, all participants use a single 128-bit key.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 8, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-09-02T00:00:00", "title": "Zoom Client < 4.6.10 Weak Encryption", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11500"], "modified": "2020-09-02T00:00:00", "cpe": ["cpe:/a:zoom:zoom", "cpe:/a:zoom:meetings"], "id": "ZOOM_CLIENT_4_6_10.NASL", "href": "https://www.tenable.com/plugins/nessus/140133", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140133);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2020-11500\");\n\n script_name(english:\"Zoom Client < 4.6.10 Weak Encryption\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by a weak encryption vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the Zoom Client installed on the remote host is prior to 4.6.10. It is, therefore, affected by a weak\nencryption vulnerability. Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio\nencryption. Within a meeting, all participants use a single 128-bit key.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?774d8ec7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.zoom.us/hc/en-us/articles/201361963\");\n # https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c2da9b98\");\n # https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fedaf0c3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Zoom Client for Meetings 4.6.10 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11500\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:zoom:zoom\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:zoom:meetings\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"zoom_client_for_meetings_win_installed.nbin\", \"macosx_zoom_installed.nbin\");\n script_require_ports(\"installed_sw/Zoom Client for Meetings\", \"installed_sw/zoom\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nos = get_kb_item('Host/MacOSX/Version');\n\napp_info = NULL;\nconstraints = NULL;\n\n# Windows and macOS detection get version numbers in different formats\nif(isnull(os))\n{\n # Windows\n get_kb_item_or_exit('SMB/Registry/Enumerated');\n\n constraints = [\n { 'fixed_version' : '4.6.20033.0407', 'fixed_display' : '4.6.10 (20033.0407)' }\n ];\n\n app_info = vcf::get_app_info(app:'Zoom Client for Meetings', win_local:TRUE);\n}\nelse\n{\n # macOS\n constraints = [\n { 'fixed_version' : '4.6.10 (20041.0408)' }\n ];\n\n app_info = vcf::get_app_info(app:'zoom');\n}\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n\n\n\n\n\n\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}
