Watchcom researchers discovered four severe vulnerabilities in Cisco Jabber, including a wormable flaw that could potentially allow hackers to exploit the IM application with a single, customized message.

Cisco recently sealed four crucial flaws in its instant messaging and video conferencing application Jabber. The networking giant got rid of four vulnerabilities and has released an updated Jabber client for Windows. Discovered by Norway-based Watchcom, two of the four vulnerabilities can lead to remote code execution (RCE) by simply sending a customized message, without any user interaction.

While the four bugs vary in severity, the remote code execution flaw, CVE-2020-3495, scored 9.9, making it critically severe. It is a message handling arbitrary code execution vulnerability that can be “exploited even when Cisco Jabber is running in the background,” said Watchcom. CVE-2020-3495 is also wormable, which means it can be exploited to deliver malware within the target system. The remaining three are: CVE-2020-3430 (CVSS score 8), CVE-2020-3498 (CVSS score 6.5), and CVE-2020-3537 (CVSS score 5.7).

Watchcom discovered the vulnerabilities in the XMPP-based Jabber client for Windows while conducting penetration testing for one of their clients.