The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Cisco Jabber

Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software

Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software

December 10, 2020Ravie Lakshmanan
Cisco has once again fixed four  previously disclosed critical bugs  in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The vulnerabilities, if successfully exploited, could allow an authenticated, remote attacker to execute arbitrary code on target systems by sending specially-crafted chat messages in group conversations or specific individuals. They were reported to the networking equipment maker on September 25 by Watchcom , three weeks after the Norwegian cybersecurity firm publicly disclosed multiple security shortcomings in Jabber that were found during a penetration test for a client in June. The new flaws, which were uncovered after one of its clients requested a verification audit of the patch, affects all currently supported versions of the Cisco Jabber client (12.1 - 12.9). "Three of the four vulnerabilities Watchcom  disclosed in September  have not been sufficiently mitigated,&qu
Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely

Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely

September 03, 2020Ravie Lakshmanan
Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. The flaws, which were uncovered by Norwegian cybersecurity firm Watchcom during a pentest, affect all currently supported versions of the Jabber client (12.1-12.9) and has since been fixed by the company. Two of the four flaws can be exploited to gain remote code execution (RCE) on target systems by sending specially crafted chat messages in group conversations or specific individuals. The most severe of the lot is a flaw (CVE-2020-3495, CVSS score 9.9) that's caused by improper validation of message contents, which could be leveraged by an attacker by sending maliciously-crafted Extensible Messaging and Presence Protocol ( XMPP ) messages to the affected software. "A successful exploit could allow the
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.