CVE-2019-12645Improper Input Validation in Cisco Jabber FOR MAC

CWE-20Improper Input ValidationCWE-732Incorrect Permission Assignment4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 90.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Jabber FOR MACCisco Jabber
Timeline
PublishedSep 5
Latest updateMay 24

Description

A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain con

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/jabber< 12.6\(1\)
CVEListV5cisco/cisco_jabber_for_macunspecified12.6(1)

🔴Vulnerability Details

2
GHSA
GHSA-5m68-8fj2-cw42: A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenti2022-05-24
CVEList
Cisco Jabber Client Framework for Mac Code Execution Vulnerability2019-09-05

📋Vendor Advisories

1
Cisco
Cisco Jabber Client Framework for Mac Code Execution Vulnerability2019-09-04
CVE-2019-12645 — Improper Input Validation in Cisco | cvebase