Vulnerability Details CVE-2020-25605
Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.2%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- https://docs.agora.io/en/Agora%20Platform/downloads
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/dont-call-us-well-call-you-mcafee-atr-finds-vulnerability-in-agora-video-sdk/
- https://docs.agora.io/en/Agora%20Platform/downloads
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/dont-call-us-well-call-you-mcafee-atr-finds-vulnerability-in-agora-video-sdk/
Products affected by CVE-2020-25605
-
cpe:2.3:a:agora:video_software_development_kit:-