Cisco addresses critical RCE vulnerability in Jabber

Pierluigi Paganini December 10, 2020

Cisco addressed a new critical RCE vulnerability that affects several versions of Cisco Jabber for Windows, macOS, and mobile platforms.

Cisco has released security updates to address a critical remote code execution (RCE) flaw affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms.

Cisco Jabber is an instant messaging and web conferencing desktop app that delivers messages between users using the Extensible Messaging and Presence Protocol (XMPP). The application is built on the Chromium Embedded Framework (CEF) and uses web technologies like HTML, CSS and JavaScript for its UI.

In September Cisco released security updates to address another critical RCE security flaw (CVE-2020-3495) stemming from a Cross-Site Scripting (XSS) issue in Cisco Jabber.

After Cisco mitigated the above issue, researchers at Watchcom discovered a new wormable RCE flaw and reported it to the IT giant. Watchcom explained that three flaws, including an RCE issue, have not been properly mitigated by the vendor.

The expert discovered new flaws that affect all currently supported Cisco Jabber versions, from 12.1 up to 12.9.

The RCE vulnerability discovered by the researchers is an XSS bug tracked as CVE-2020-26085. The flaw could be exploited by an attacker to execute arbitrary code remotely by escaping Cisco Jabber’s CEF sandbox.

“The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted XMPP messages to the affected software.” reads the advisory published by Cisco. “A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution.”

The vulnerability could be exploited without user interaction and is wormable.

The experts published a video PoC of an attack that exploits the Cisco Jabber vulnerabilities fixed in September 2020.
