Fwd: [CIVN-2020-0436] Multiple Vulnerabilities in Cisco Jabber

1 year ago 74

Severity Rating: HIGH

Software Affected

Cisco Jabber for Windows, Jabber for MacOS and Jabber for mobile platforms.

Overview

Multiple Vulnerabilities have been reported in Cisco Jabber for Windows,

Jabber for MacOS, and Jabber for mobile platforms could allow an attacker

to execute arbitrary programs on the underlying operating system (OS) with

elevated privileges or gain access to sensitive information.

Description

Multiple vulnerabilities exist in Cisco Jabber for Windows, Jabber for

MacOS, and Jabber for mobile platforms  due to improper validation of

message contents and handling of input to the application protocol handlers

that could allow the attacker to execute arbitrary programs on the

underlying operating system (OS) with elevated privileges. An attacker

could exploit these vulnerabilities by sending specially crafted messages

to end-user systems running Cisco Jabber. 

Successful exploitation of these vulnerabilities could allow the attacker

to cause the application on MacOS , Windows and mobile platforms to execute

arbitrary programs on the targeted system with the privileges of the user

account that is running the Cisco Jabber client software.

Solution

Apply appropriate updates as mentioned in: 

- -sa-jabber-ZktzjpgO

Vendor Information

CISCO

- -sa-jabber-ZktzjpgO

References

CISCO

- -sa-jabber-ZktzjpgO

CVE Name

CVE-2020-26085

CVE-2020-27127

CVE-2020-27132

CVE-2020-27133

CVE-2020-27134

Read Entire Article