Cisco Jabber Desktop and Mobile Client Software Vulnerabilities Alert

by ddos ·

Cisco Jabber is a collaboration application that provides presence, instant messaging (IM), cloud messaging, voice and video calling, voicemail capabilities. Escalate your Jabber calls into multi-party conferencing with Cisco Webex® Meetings. On March 24, 2021, Cisco released a security update risk notice for Jabber, with the vulnerability numbers CVE-2021-1411, CVE-2021-1469, CVE-2021-1417, CVE-2021-1471, CVE-2021 -1418. The vulnerability has not yet been widely exploited.

Vulnerability Detail

CVE-2021-1411: Cisco Jabber Arbitrary Program Execution Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute programs on a targeted system.

CVE-2021-1469: Cisco Jabber Arbitrary Program Execution Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute programs on a targeted system.

CVE-2021-1417: Cisco Jabber Information Disclosure Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to access sensitive information.

CVE-2021-1471: Cisco Jabber Certificate Validation Vulnerability

A vulnerability in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an unauthenticated, remote attacker to intercept protected network traffic.

CVE-2021-1418: Cisco Jabber Denial of Service Vulnerability

A vulnerability in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an authenticated, remote attacker to cause a DoS condition.

Affected version

Solution

In this regard, we recommend that users upgrade Cisco Jabber to the latest version in time.

Tags: Cisco Jabber VulnerabilityCVE-2021 -1418CVE-2021-1411CVE-2021-1417CVE-2021-1469CVE-2021-1471