


A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:

This vulnerability affects Cisco Jabber for Windows if it is running a vulnerable software release. For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory. Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. This vulnerability does not affect Cisco Jabber for MacOS or Cisco Jabber for mobile platforms.

To exploit this vulnerability, an attacker must be able to send XMPP messages to end-user systems running Cisco Jabber for Windows. Attackers may require access to the same XMPP domain or another method of access to be able to send messages to clients. As a result of exploitation, an attacker could cause the application to run an arbitrary executable that already exists within the local file path of the application.
