
KLA20106 ACE vulnerability in Cisco Jabber

Published: 2022-10-05 00:00:00
Source: Kaspersky Lab (threats.kaspersky.com)
Tags: cisco jabber, xmpp, vulnerability, arbitrary code execution, security bypass, ace, sb, cve-2022-20917, update

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 5.7 (Confidence: High)

EPSS: 0.001 (Percentile: 30.4%)

An XMPP message smuggling vulnerability was found in Cisco Jabber. Malicious users can exploit this vulnerability to execute arbitrary code.

Original advisories

Cisco Jabber Client Software Extensible Messaging and Presence Protocol Stanza Smuggling Vulnerability

Related products

Cisco-Jabber

CVE list

CVE-2022-20917 warning

Solution

Update to the latest version

Download Cisco Jabber

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Cisco Jabber 14.1.x earlier than 14.1.3
  • Cisco Jabber 14.0.x earlier than 14.0.5
  • Cisco Jabber 12.9.x earlier than 12.9.7
  • Cisco Jabber 12.8.x earlier than 12.8.7
  • Cisco Jabber 12.7.x earlier than 12.7.6
  • Cisco Jabber 12.6.x earlier than 12.6.6
  • Cisco Jabber earlier than 12.5
