CVE-2020-3430

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
5.0%
top 10.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco JabberCisco Cisco Jabber
Timeline
PublishedSep 4
Latest updateMay 24

Description

A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/jabber12.112.1.3+5
CVEListV5cisco/cisco_jabbern/a

🔴Vulnerability Details

2
GHSA
GHSA-hqr6-633p-3x2j: A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute a2022-05-24
CVEList
Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability2020-09-04

📋Vendor Advisories

1
Cisco
Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability2020-09-02
CVE-2020-3430 (HIGH CVSS 8.8) | A vulnerability in the application | cvebase.io