Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.
References
Link | Resource |
---|---|
https://docs.agora.io/en/Agora%20Platform/downloads | Vendor Advisory |
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/dont-call-us-well-call-you-mcafee-atr-finds-vulnerability-in-agora-video-sdk/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-17T20:40:41
Updated: 2021-02-17T20:40:41
Reserved: 2020-09-16T00:00:00
Link: CVE-2020-25605
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-17T21:15:12.807
Modified: 2021-02-23T19:55:44.647
Link: CVE-2020-25605
JSON object: View
Redhat Information
No data.
CWE