Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely

2020-09-03 01:36

Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities-which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code.

Two of the four flaws can be exploited to gain remote code execution on target systems by sending specially crafted chat messages in group conversations or specific individuals.

The most severe of the lot is a flaw that's caused by improper validation of message contents, which could be leveraged by an attacker by sending maliciously-crafted Extensible Messaging and Presence Protocol messages to the affected software.

"A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution," Cisco said in an advisory published yesterday.

The flaw in Cisco Jabber arises from cross-site scripting vulnerability when parsing XHTML-IM messages.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/GLqt0bzpGLw/cisco-jabber-hacking.html

#cisco #hacker #windows

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		2046	21	1773	1669	288	3751

News URL

Related news

Related vendor