Cisco Fixes Critical Code Execution Bug In Jabber For Windows

https://open.spotify.com/show/3Gmj15x6cGrgJEzmGnDTTj?si=nytzAjvSR4qBqTbLP6pgKA

Cisco Fixes Critical Code Execution Bug In Jabber For Windows

Image: CoWomen

Cisco today addressed a critical severity remote code execution vulnerability affecting multiple versions of its Cisco Jabber for Windows software.

Cisco Jabber for Windows is a desktop collaboration app designed to provide users with presence, instant messaging (IM), cloud messaging, desktop sharing, as well as audio, video, and web conferencing.

The vulnerability was found and reported by Olav Sortland Thoresen of Watchcom. The Cisco Product Security Incident Response Team (PSIRT) says that the flaw is not currently exploited in the wild.

The security flaw tracked as CVE-2020-3495 received an almost maximum 9.9 CVSS base score from Cisco and it is caused by improper input validation of incoming messages’ contents.

 

Exploitation via malicious XMPP messages

CVE-2020-3495 can allow authenticated, remote attackers to execute arbitrary code on systems running unpatched Jabber for Windows software after successful exploitation using maliciously-crafted Extensible Messaging and Presence Protocol (XMPP) messages.

No user interaction is required to exploit this flaw, with CVE-2020-3495 also being exploitable when the Jabber for Windows client is running in the background.

“A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution,” Cisco explains.

Attackers are required to have access to their victims’ XMPP domains to send the malicious XMPP messages needed to successfully exploit the vulnerability.

“As a result of exploitation, an attacker could cause the application to run an arbitrary executable that already exists within the local file path of the application,” Cisco added.

“The executable would run on the end-user system with the privileges of the user who initiated the Cisco Jabber client application.”

https://www.youtube.com/embed/AoG4iOwDstU

As Watchcom’s Olav Sortland Thoresen explains in a report with more details on CVE-2020-3495, attackers can also automate the exploitation process to create a worm capable of spreading automatically to new devices.

“Since Cisco Jabber supports file transfers, an attacker can initiate a file transfer containing a malicious .exe file and force the victim to accept it using an XSS attack,” then executing the malicious file on a targeted victim’s machine. 

Also read: How To Make A PDPC Complaint: With Its Importance And Impact

 

Vulnerable Jabber for Windows systems

Systems with Jabber for Windows configured in phone-only mode and those that use other messaging services are not vulnerable to exploitation.

The vulnerability does not impact Cisco Jabber for macOS or mobile platforms, and it affects all currently supported versions of the Windows Cisco Jabber client (12.1 to 12.9) as listed in the table embedded below.

Cisco Jabber for Windows Release	First Fixed Release
12.1	12.1.3
12.5	12.5.2
12.6	12.6.3
12.7	12.7.2
12.8	12.8.3
12.9	12.9.1

Over the weekend, Cisco warned customers that threat actors actively attempting to exploit two zero-day denial-of-service (DoS) flaws affecting carrier-grade router IOS XR software.

The two security flaws impact any Cisco device running any Cisco IOS XR Software release if multicast routing is enabled on any active interface.

Cisco is still working on software updates to address these vulnerabilities and it provides mitigation measures to partially or fully remove the exploit vector.

Update: Added more details from Olav Sortland Thoresen’s advisory.

Also read: Basic Info On How Long To Keep Accounting Records In Singapore?

https://www.youtube.com/watch?v=30eI59FlBdk