

Watchcom researchers discovered four severe vulnerabilities in Cisco Jabber, including a wormable flaw that could potentially allow hackers to exploit the IM application with a single, customized message.

Cisco recently sealed four crucial flaws in its instant messaging and video conferencing application Jabber. The networking giant got rid of four vulnerabilities and has released an updated Jabber client for Windows. Discovered by Norway-based Watchcom, two of the four vulnerabilities can lead to remote code execution (RCE) by simply sending a customized message, without any user interaction. While all four bugs vary in severity levels, the remote code execution flaw, CVE-2020-3495, scored 9.9, making it critically severe. It is a message handling arbitrary code execution vulnerability that can be “exploited even when Cisco Jabber is running in the background,” said Watchcom.

CVE-2020-3495 is also wormable, which means it can be exploited to deliver malware within the target system. The remaining three are: CVE-2020-3430 (CVSS score 8), CVE-2020-3498 (CVSS score 6.5), and CVE-2020-3537 (CVSS score 5.7). Watchcom discovered the vulnerabilities in the XMPP-based Jabber client for Windows while conducting penetration testing for one of their clients.

XMPP is an XML-based protocol for instant messaging and presence, which is based on an open standard and is widely used in both open-source and proprietary software. The collaboration app has seen a spike in usage with the shift to remote work, which further exacerbates the level of threat these vulnerabilities pose. Watchcom analyzed, “Given their newfound prevalence in organizations of all sizes, these applications are becoming an increasingly attractive target for attackers.”
