CVE-2020-26085Sensitive Info Insertion into Sent Data in Cisco Jabber

CWE-201Sensitive Info Insertion into Sent DataCWE-78OS Command InjectionCWE-77Command InjectionCWE-87Improper Neutralization of Alternate XSS Syntax4 documents4 sources
Severity
9.9CRITICALNVD
EPSS
0.6%
top 30.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco JabberCisco Jabber
Timeline
PublishedJan 7
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

NVDcisco/jabber12.512.5.3+8
CVEListV5cisco/cisco_jabbern/a

🔴Vulnerability Details

2
GHSA
GHSA-mjgx-fh7r-8mmh: Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary p2022-05-24
CVEList
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities2021-01-06

📋Vendor Advisories

1
Cisco
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities2020-12-10
CVE-2020-26085 — Cisco Jabber vulnerability | cvebase