Security News > 2020 > December > Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software
Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks.
The new flaws, which were uncovered after one of its clients requested a verification audit of the patch, affects all currently supported versions of the Cisco Jabber client.
CallCppFunction, which is designed to open files sent by other Cisco Jabber users.
The third and final vulnerability is a command injection flaw concerning protocol handlers, which are used to inform the operating system to open specific URLs in Jabber, making it possible for an attacker to insert arbitrary command-line flags by simply including a space the URL. Given the self-replicating nature of the attacks, it's advised that Jabber users update to the latest version of the software to mitigate the risk.
Watchcom also recommends that organizations consider disabling communication with external entities through Cisco Jabber until all employees have installed the update.
News URL
Related news
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)