Security News > 2021 > March > Cisco addresses critical bug in Windows, macOS Jabber clients
Cisco has addressed a critical arbitrary program execution vulnerability impacting several versions of Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol.
The vulnerability does not affect Cisco Jabber client software configured for Team Messaging or Phone-only modes.
"A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, which could result in arbitrary code execution," Cisco's advisory explains.
Vulnerable software includes Cisco Jabber for Windows, macOS, Android, or iOS, versions 12.9 or earlier.
Cisco released security updates for four other medium and high severity Cisco Jabber vulnerabilities.
Cisco also published 37 other security advisories today, detailing security updates for other medium and high severity security flaws in multiple Cisco products.
News URL
Related news
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- Critical Cisco ISE bug can let attackers run commands as root (source)