Kaspersky LabKLA12057KLA12057 Multiple vulnerabilities in Cisco Jabber
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.5%
Detect date:
09/02/2020
Severity:
Critical
Description:
Multiple vulnerabilities were found in Cisco Jabber. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products:
Cisco Jabber 12.1 earlier than 12.1.3
Cisco Jabber 12.5 earlier than 12.5.2
Cisco Jabber 12.6 earlier than 12.6.3
Cisco Jabber 12.7 earlier than 12.7.2
Cisco Jabber 12.8 earlier than 12.8.3
Cisco Jabber 12.9 earlier than 12.9.1
Solution:
Update to the latest version
Download Cisco Jabber
Original advisories:
Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability
Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability
Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability
Cisco Jabber for Windows Information Disclosure Vulnerability
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2020-35375.7High
CVE-2020-34958.8Critical
CVE-2020-34986.5High
CVE-2020-34308.8Critical
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3495
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3498
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3537
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Cisco-Jabber/
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-G3NSjPn7
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-vY8M4KGB
www.webex.com/downloads/jabber.html
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.5%