Security News > 2020 > September > Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
Researchers are warning of a critical remote code-execution flaw in the Windows version of Cisco Jabber, the networking company's video-conferencing and instant-messaging application.
The flaw has a CVSS score of 9.9 out of 10, making it critical in severity, Cisco said in a Wednesday advisory.
An attacker could exploit the flaw by sending specially crafted Extensible Messaging and Presence Protocol messages to vulnerable end-user systems running Cisco Jabber for Windows.
The issue stems from Cisco Jabber improperly validating message contents; the application does not properly sanitize incoming HTML messages.
Cisco has released updates for different releases of affected Cisco Jabber.
News URL
https://threatpost.com/attackers-can-exploit-critical-cisco-jabber-flaw-with-one-message/158942/
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)