Patch Now… Your Windows version of Cisco Jabber could be a security risk

September 24, 2020 OneNeck IT Solutions

On September 2nd, 2020, Cisco issued a Critical Security Advisory regarding Cisco Jabber for Windows that customers should be aware of. A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. Attackers could achieve remote code execution by sending specially crafted chat messages.

To exploit this vulnerability, an attacker must be able to send XMPP messages to end-user systems running Cisco Jabber for Windows. Attackers may require access to the same XMPP domain or another method of access to be able to send messages to clients.

The issue has the following advisory code: CVE-2020-3495

The vulnerability affects all currently supported versions of the Cisco Jabber client for Windows (12.1 – 12.9). Systems using Cisco Jabber in phone-only mode (without XMPP messaging services enabled) are not vulnerable to exploitation. There are no workarounds that address this vulnerability.

What Should You Do if Your Version of Jabber is Impacted?

Any customers running an affected version of Jabber should upgrade as soon as possible. See the fixes in the list below:

  • Users operating version 12.1 should upgrade to 12.1.3
  • Users operating version 12.5 should upgrade to 12.5.2
  • Users operating version 12.6 should upgrade to 12.6.3
  • Users operating version 12.7 should upgrade to 12.7.2
  • Users operating version 12.8 should upgrade to 12.8.3
  • Users operating version 12.9 should upgrade to 12.9.1

The latest versions can be downloaded from the following URL:

https://software.cisco.com/download/home/284324806/type/284006014/release/
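
To triage a client inventory against the fixed releases listed above, the following added example (not code from OneNeck or Cisco) compares each reported version with the first fixed release of its train. The function names, status labels and sample hosts are constructed for illustration, and it assumes any fourth (build) field in a version string can be ignored.

```python
import re

# First fixed release for each train, copied from the upgrade list above.
FIXED = {(12, 1): (12, 1, 3), (12, 5): (12, 5, 2), (12, 6): (12, 6, 3),
         (12, 7): (12, 7, 2), (12, 8): (12, 8, 3), (12, 9): (12, 9, 1)}
AFFECTED = ((12, 1), (12, 9))  # affected range stated on the page


def parse_version(text):
    """'12.8' or '12.8.2.54321' -> (major, minor, maintenance)."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))   # '12.8' is treated as 12.8.0
    return tuple(parts[:3])           # assumption: a 4th (build) field is ignored


def triage(version, phone_only=False):
    """Return (status, upgrade_target) for one Jabber for Windows client."""
    v = parse_version(version)
    train = v[:2]
    # Integer tuples compare correctly where strings would not (12.10 > 12.9).
    if not AFFECTED[0] <= train <= AFFECTED[1]:
        return ("outside-advisory-range", None)
    fixed = FIXED.get(train)
    if fixed is None:
        return ("no-fix-listed-for-train", None)  # e.g. 12.2: check Cisco's advisory
    if v >= fixed:
        return ("patched", None)
    target = ".".join(map(str, fixed))
    # Phone-only mode (no XMPP messaging) is not exploitable per the page,
    # but the client is still on an unfixed release, so it is reported separately.
    return ("phone-only-unpatched" if phone_only else "upgrade-now", target)


# Constructed sample inventory: (host, reported version, phone-only mode?)
SAMPLE = [("ws-001", "12.8.2", False), ("ws-002", "12.9.1.1000", False),
          ("ws-003", "12.6", True), ("ws-004", "12.3.0", False),
          ("ws-005", "12.10.0", False)]


def triage_inventory(rows):
    """Map each host to its (status, upgrade_target) result."""
    return {host: triage(ver, phone) for host, ver, phone in rows}


if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE).items():
        print(host, *result)
```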

If this vulnerability applies to you, it’s time to update. If you have any questions or would like to talk to a OneNeck expert about Cisco Jabber, we are here to help.


Keep Moving Forward. We Got Your Back.

This post Patch Now… Your Windows version of Cisco Jabber could be a security risk first appeared on OneNeck.
