Cisco has addressed several vulnerabilities impacting versions of Cisco Jabber client software for Windows, macOS, Android, and iOS, including a critical arbitrary program execution vulnerability. Cisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol (XMPP). Successful exploitation could enable remote attackers to execute arbitrary programs, gain access to sensitive information, and trigger denial-of-service states after exploiting them on devices running unpatched software.
A. Nature of the Vulnerabilities
The following vulnerabilities were tracked as:
CVE-2021-1411, the Cisco Jabber Arbitrary Program Execution Vulnerability is due to improper validation of message content. Rated with a CVSS score of 9.9, attackers could exploit this vulnerability by sending crafted XMPP messages to the affected software. Successful exploitation could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, which could result in arbitrary code execution.
CVE-2021-1469, the Cisco Jabber Arbitrary Program Execution Vulnerability is due to improper validation of message content. Rated with a CVSS score of 7.2, attackers could exploit this vulnerability by sending crafted XMPP messages to the affected software. Successful exploitation could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, which could result in arbitrary code execution.
CVE-2021-1417, the Cisco Jabber Information Disclosure Vulnerability is due to improper validation of message content. Rated with a CVSS score of 6.5, attackers could exploit this vulnerability by sending crafted XMPP messages to a targeted system. Successful exploitation could allow the attacker to cause the application to return sensitive authentication information to another system, which an attacker could use in further attacks.
CVE-2021-1471, the Cisco Jabber Certificate Validation Vulnerability is due to improper validation of certificates that affects Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms. Rated with a CVSS score of 5.6, attackers could exploit this vulnerability by using a privileged network position to intercept network requests from the affected software and present a maliciously crafted certificate. Successful exploitation could allow an attacker to inspect or modify connections between the Cisco Jabber client and a server.
CVE-2021-1418, the Cisco Jabber Denial of Service Vulnerability is due to improper validation of message content that affects Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms. Rated with a CVSS score of 4.3, attackers could exploit this vulnerability by sending crafted XMPP messages to a targeted system. Successful exploitation could allow an attacker to cause the application to terminate, resulting in a DoS condition.
___________________________________
B. List of Vulnerable Systems
Vulnerable Cisco Jabber Products are as follows:
Cisco Jabber (Windows) version:
- 12.1 and earlier
- 12.5 – 12.9
Cisco Jabber (MacOS):
- 12.7 and earlier
- 12.8 – 12.9
Cisco Jabber (Android and iOS):
- 12.9 and earlier
Cisco Jabber (BlackBerry and Intune MAM):
- 12.9
C. Actions to be Taken
CERT-PH recommends the following actions be taken:
Immediately test and apply the corresponding patched versions of the affected Cisco Jabber products from the Cisco’s Security Advisory. (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC)