Cisco Jabber for Windows Security Risk

OneNeck IT Solutions

 

On September 2nd, 2020, Cisco issued a Critical Security Advisory announcement regarding Cisco’s Jabber for Windows that customers should be aware of. A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attackers to execute arbitrary code. Attackers could achieve remote code execution by sending specially crafted chat messages.
cisco-jabber

To exploit this vulnerability, an attacker must be able to send XMPP messages to end-user systems running Cisco Jabber for Windows. Attackers may require access to the same XMPP domain or an-other method of access to be able to send messages to clients.

The issue has the follow advisory code: CVE-2020-3495

The vulnerabilities affect all currently supported versions of the Cisco Jabber client for Windows (12.1 – 12.9). Systems using Cisco Jabber in phone-only mode (without XMPP messaging services enabled) are not vulnerable to exploitation. There are no workarounds that address this vulnerability.

What Should You Do if Your Version of Jabber is Impacted?

Any customers running an affected version of Jabber, should upgrade as soon as possible. See the fixes in the table below:

  • Users operating version 12.1 should upgrade to 12.1.3
  • Users operating version 12.5 should upgrade to 12.5.2
  • Users operating version 12.6 should upgrade to 12.6.3
  • Users operating version 12.7 should upgrade to 12.7.2
  • Users operating version 12.8 should upgrade to 12.8.3
  • Users operating version 12.9 should upgrade to 12.9.1

The latest versions can be downloaded from the following URL:

https://software.cisco.com/download/home/284324806/type/284006014/release/

If this vulnerability applies to you, it’s time to update. If you have any questions or would like to talk to a OneNeck expert about Cisco Jabber, we are here to help

Keep Moving Forward. We Got Your Back.

 

Previous Resource
Next-Gen Virtual Firewalls
Next-Gen Virtual Firewalls

To defend against boundary attacks, OneNeck, through our longtime partnership with Cisco®, offers next-gen ...

Next Resource
BYOD with AirWatch
BYOD with AirWatch

AirWatch enables Bring Your Own Device (BYOD) programs by supporting unprecedented device choice without co...

Free Ransomware Vulnerability Consult

LEARN MORE