Description
Multiple vulnerabilities were found in Cisco Jabber. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.
Below is a complete list of vulnerabilities:
- OSI vulnerability in Cisco Jabber can be exploited remotely via special crafted message to obtain sensitive information.
- An code execution vulnerability in Cisco Jabber can be exploited remotely via special crafted XMPP to execute arbitrary code.
- A command injection vulnerability in the application protocol handling features can be exploited remotely to execute arbitrary code.
Original advisories
Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability
- Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability
- Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability
- Cisco Jabber for Windows Information Disclosure Vulnerability
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
- CVE-2020-3537 high
- CVE-2020-3495 critical
- CVE-2020-3498 high
- CVE-2020-3430 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!