Jabber Bug Could Let Hackers Target Windows Systems Remotely


Jabber Bug Could Let Hackers Target Windows Systems Remotely

Networking equipment leader Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code.


The flaws, which were uncovered by Norwegian cybersecurity firm Watchcom during a pentest, affect all currently supported. Two of the four flaws can be exploited to gain remote code execution (RCE) on target systems by sending specially crafted chat messages in group conversations or specific individuals.


The most severe of the lot is a flaw (CVE-2020-3495, CVSS score 9.9) that's caused by improper validation of message contents, which could be leveraged by an attacker by sending maliciously-crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. The development comes days after Cisco warned of an actively exploited zero-day flaw in its IOS XR router software.


A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution," Cisco said in an advisory published yesterday.


 Panel Discussion Session  

 Women leadership in Technology Sales 

 WOMEN LEADERSHIP  Placeholder image

 IMAGE GALLERY  Placeholder image

 TRENDS IN TECHNOLOGY  Placeholder image

MORE VIDEOS  Placeholder image

 ADVERTISEMENTS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2020 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org