Monday, January 18, 07:14
Home security Cisco Fixes Critical Code Execution Error in Jabber for Windows

Cisco Fixes Critical Code Execution Error in Jabber for Windows

Cisco today experienced a critical vulnerability in executing critical code remotely that affects many versions of Cisco Jabber software for Windows.

Cisco Jabber for Windows is a desktop application designed to provide users with the following features: instant sharing messages, messaging in cloud, desktop sharing, and voice calls or video calls.

Cisco Jabber Windows

The vulnerability was identified and reported by Watchcom's Olav Sortland Thoresen. The Cisco Product Security Incident Response Team (PSIRT) says that defect so far has not been exploited by a hacker.

The security flaw identified as CVE-2020-3495 received a 9,9 CVSS rating from Cisco and is caused by improper entry validation of content of incoming messages.

Exploit via malicious XMPP messages

CVE-2020-3495 could allow remote intruders to execute arbitrary code on systems running the uninstalled Jabber software for Windows using messaging protocol called "Extensible Messaging and Presence Protocol" (XMPP) maliciously.

User interaction is not required to exploit this flaw, with CVE-2020-3495 also exploitable even if Jabber for Windows runs in the background.

"A successful exploit could allow an attacker to execute arbitrary programs on the targeted system with the privileges of the user account running Cisco Jabber software, leading to an arbitrary code execution", Explains Cisco.

Attackers must have access to their victims' XMPP domains to send the malicious XMPP messages required to successfully exploit the vulnerability.

"As a result of the exploitation, an attacker could make the application execute an arbitrary executable which already exists in its file application", Added Cisco.

“The executable will run in the end-user system with royalties the user who started the Cisco Jabber application. ”

Vulnerable Jabber system for Windows

Systems with Jabber for Windows that are configured in phone mode and those that use other messaging services are not vulnerable to exploitation.

The vulnerability does not affect Cisco Jabber for macOS or mobile platforms and affects all currently supported publications of the Windows Cisco Jabber program (12.1 to 12.9), as listed in the table below.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

How to add percentages using Excel

Do you want to add percentages to Excel? There are several ways to do this. In a sense, you could add a percentage ...

Microsoft Teams: How to turn off reading receipts

Platform users usually want to see read receipts to know when the recipient is reading a message. However, there are ...

iPhone: How to stop tracking requests from apps?

Apple is one of the companies that claim to place great emphasis on the importance of privacy ...

Save battery by turning off 5G on iPhone

The new 5G wireless standard comes with the promise of better speeds and greater data transfer convenience. As the ...

iPhone / iPad: How to close all Safari tabs at once

If you have dozens of Safari tabs open on your iPhone or iPad and want to close them quickly, it might be ...

Emotet has "evolved" and is at the top of the malware charts!

The infamous Emotet trojan returns to the top of the malware charts, having been "refreshed" and evolved to be more difficult to detect. The world ...

Signal: How to protect your messages with passcode?

In recent days the Signal messaging application has become quite popular. The Signal ...

The 5 best secure alternatives for WhatsApp

WhatsApp is one of the most popular messaging platforms, but it is definitely not accepted by everyone. Especially after his last ...

Android: How to see which apps have access to your site

It's no secret that smartphone apps have access to many permissions - if you let them. It is important to make sure ...

Canon lets you take pictures from space

Instead of releasing new cameras for CES 2021, Canon is doing something different: It lets you take pictures from space ....