Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an malicious user to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco jabber 12.9\\(0\\) |
||
cisco jabber 12.9\\(1\\) |
||
cisco jabber 12.9\\(2\\) |
||
cisco jabber 12.9\\(3\\) |
||
cisco jabber for mobile platforms 12.9\\(0\\) |
||
cisco jabber for mobile platforms 12.9\\(1\\) |
||
cisco jabber for mobile platforms 12.9\\(2\\) |
||
cisco jabber for mobile platforms 12.9\\(3\\) |
Wormable nasty still doesn't need any user input to pwn target devices
A previous patch for Cisco's Jabber chat product did not in fact fix four vulnerabilities – including one remote code execution (RCE) flaw that would allow malicious people to hijack targeted devices by sending a carefully crafted message. Norwegian infosec biz Watchcom spotted the vulnerabilities, having been asked by a client to verify that a previous patch for CVE-2020-26085 worked as advertised. Instead Watchcom found that the September update didn't fix the underlying problems. A cross-si...