HomesecurityCisco Fixes New Code Execution Error in Jabber for Windows

Cisco Fixes New Code Execution Error in Jabber for Windows

Cisco has encountered a new Critical Remote Code Execution (RCE) vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after fixing a related security bug in September.

Cisco Jabber is a desktop instant messaging and web conferencing application created using the Chromium Embedded Framework (CEF).

The application provides messages between users using the Extensible Messaging and Presence Protocol (XMPP) and also provides them with presentation capabilities and common use of the desktop.

Cisco Jabber Windows

RCE due to insufficient mitigation

Cisco released some security updates in September to address a critical RCE security vulnerability named CVE-2020-3495 due to an error Cross-Site Scripting (XSS) in Cisco Jabber.

Since then, a new vulnerability in RCE has been found by Watchcom researchers who reported it to Cisco after testing whether patch September completely corrected CVE-2020-3495.

"During this control, we found that some more serious vulnerabilities, including RCE vulnerabilities, have not been properly mitigated and that users remain vulnerableSays Watchcom.

"Patch updates are now available and we invite all Cisco Jabber users to make the updates as soon as possible!"

In all, the researchers reported four client vulnerabilities in Cisco Jabber in September, and found that three of them were not adequately mitigated by patches of Cisco.

This allowed them to identify new vulnerabilities that they could abused to take advantage all currently supported versions of Cisco Jabber (from version 12,1 to 12,9).

Source of information:

Teo Ehc
Be the limited edition.