CVE-2020-27132

CWE-201CWE-269Improper Privilege ManagementCWE-77Command InjectionCWE-78OS Command InjectionCWE-874 documents4 sources
Severity
9.9CRITICAL
EPSS
0.3%
top 43.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Cisco JabberCisco JabberCisco Jabber FOR Mobile Platforms
Timeline
PublishedDec 11
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

NVDcisco/jabber4 versions+3
CVEListV5cisco/cisco_jabbern/a

🔴Vulnerability Details

2
GHSA
GHSA-m4f9-7fgw-p5j8: Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary p2022-05-24
CVEList
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities2020-12-11

📋Vendor Advisories

1
Cisco
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities2020-12-10
CVE-2020-27132 (CRITICAL CVSS 9.9) | Multiple vulnerabilities in Cisco J | cvebase.io