
Critical Cisco Jabber Bug Gets Updated Fix


A series of bugs, patched in September, still allow for remote code execution by attackers.

Cisco Systems released updated patches for a critical vulnerability in its video and instant messaging platform Jabber. The flaws were patched in September, but the researchers who first found the bugs identified new ways to exploit the same flaws.

The most severe of the bugs is the critical remote code-execution (RCE) flaw impacting Cisco Jabber for Windows, Jabber for MacOS and Jabber for mobile platforms. Attackers can exploit the bug simply by sending a target a specially crafted message – no user interaction needed.


The flaw (CVE-2020-26085) has a CVSS rating of 9.9 out of 10, making it critical in severity. Researchers with Watchcom, who discovered the flaw, said at the time of the initial discovery that the implications of the vulnerability are especially serious given the current pandemic-driven work-from-home trend.


“We are not aware of any active exploitation of the vulnerabilities,” Watchcom told Threatpost on Thursday. “Both the initial discovery of the vulnerabilities and the ‘re-discovery’ were made during security audits for a customer.”

Patch, Update, Patch and Repeat

Three Cisco Jabber vulnerabilities are still open to attack. The first is a cross-site scripting bug leading to RCE (CVE-2020-26085), with a 9.9 CVSS rating. The second is a password-hash-stealing information disclosure flaw (CVE-2020-27132), with a CVSS severity rating of 6.5. Lastly, there is the protocol handler command injection vulnerability (CVE-2020-27127), with a CVSS severity score of 4.3.

Current patches are available via Cisco’s Security Advisories support page.

“Cisco released a patch that fixed the injection points we noted, but the fundamental issue has not been fixed,” the researchers wrote.

“We have been able to find new injection points that could be used to exploit the vulnerabilities. All currently supported versions of the Cisco Jabber client (12.1 – 12.9) are affected. The three vulnerabilities have been assigned new CVE numbers to distinguish them from the vulnerabilities disclosed in September,” researchers wrote.

Nightmare Attack Scenario

In order to exploit these vulnerabilities, all a hacker needs is to be able to send a Jabber chat message to the victim, Watchcom explains.

“This could occur if the specific enterprise enables adding contacts outside of the corporation or if the attacker gains access to an employee’s Jabber username and password,” researchers wrote. “Once the attacker is able to send chat messages, he can take full control over the computers of everybody in the organization. The person receiving the message does not have to do anything; the attacker’s malicious code will run automatically once the message is received.”

To exploit the two message-handling vulnerabilities (CVE-2020-26085, CVE-2020-27132), an attacker would need to send an Extensible Messaging and Presence Protocol (XMPP) message to a system running the Cisco Jabber client. “Attackers may require access to the same XMPP domain or another method of access to be able to send messages to clients,” Cisco noted.

Next, an attacker can cause the Jabber application to “run an arbitrary executable that already exists within the local file path of the application,” researchers said. The executable would run on the end-user system with the privileges of the user who initiated the Cisco Jabber client application, Watchcom wrote.

Cisco said the vulnerabilities are not dependent on one another. “Exploitation of one of the vulnerabilities is not necessary to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities,” it wrote in its Cisco Security Advisory Thursday.



Some parts of this posting are sourced from:
threatpost.com
