Severity Rating: HIGH
Software Affected
Cisco Jabber for Windows, Jabber for MacOS and Jabber for mobile platforms.
Overview
Multiple Vulnerabilities have been reported in Cisco Jabber for Windows,
Jabber for MacOS, and Jabber for mobile platforms could allow an attacker
to execute arbitrary programs on the underlying operating system (OS) with
elevated privileges or gain access to sensitive information.
Description
Multiple vulnerabilities exist in Cisco Jabber for Windows, Jabber for
MacOS, and Jabber for mobile platforms due to improper validation of
message contents and handling of input to the application protocol handlers
that could allow the attacker to execute arbitrary programs on the
underlying operating system (OS) with elevated privileges. An attacker
could exploit these vulnerabilities by sending specially crafted messages
to end-user systems running Cisco Jabber.
Successful exploitation of these vulnerabilities could allow the attacker
to cause the application on MacOS , Windows and mobile platforms to execute
arbitrary programs on the targeted system with the privileges of the user
account that is running the Cisco Jabber client software.
Solution
Apply appropriate updates as mentioned in:
- -sa-jabber-ZktzjpgO
Vendor Information
CISCO
- -sa-jabber-ZktzjpgO
References
CISCO
- -sa-jabber-ZktzjpgO
CVE Name
CVE-2020-26085
CVE-2020-27127
CVE-2020-27132
CVE-2020-27133
CVE-2020-27134
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.