Cisco today disclosed a critical remote code execution vulnerability that affects many versions of Cisco Jabber software for Windows.
The vulnerability was identified and reported by Watchcom's Olav Sortland Thoresen. The Cisco Product Security Incident Response Team (PSIRT) says the flaw has so far not been exploited by attackers.
The security flaw, tracked as CVE-2020-3495, received a CVSS rating of 9.9 from Cisco and is caused by improper input validation of the contents of incoming messages.
Exploit via malicious XMPP messages
CVE-2020-3495 could allow remote attackers to execute arbitrary code on systems running unpatched Jabber software for Windows by sending maliciously crafted messages over the messaging protocol called "Extensible Messaging and Presence Protocol" (XMPP).
User interaction is not required to exploit this flaw, and CVE-2020-3495 is exploitable even when Jabber for Windows is running in the background.
"A successful exploit could allow an attacker to execute arbitrary programs on the targeted system with the privileges of the user account running Cisco Jabber software, leading to arbitrary code execution," explains Cisco.
Attackers must have access to their victims' XMPP domains to send the malicious XMPP messages required to successfully exploit the vulnerability.
“The executable will run on the end-user system with the privileges of the user who started the Cisco Jabber application.”
Vulnerable Jabber for Windows systems
Systems with Jabber for Windows that are configured in phone mode and those that use other messaging services are not vulnerable to exploitation.
The vulnerability does not affect Cisco Jabber for macOS or mobile platforms. It affects all currently supported releases of Cisco Jabber for Windows (12.1 to 12.9), as listed in the table below.