CVE-2020-3495

CWE-20Improper Input Validation6 documents6 sources
Severity
8.8HIGH
EPSS
5.2%
top 10.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco JabberCisco Cisco Jabber
Timeline
PublishedSep 4
Latest updateMay 24

Description

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

NVDcisco/jabber12.112.1.3+5
CVEListV5cisco/cisco_jabbern/a

🔴Vulnerability Details

2
GHSA
GHSA-fgm2-2fhw-x8fx: A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code2022-05-24
CVEList
Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability2020-09-04

🔍Detection Rules

1
Suricata
ET EXPLOIT Possible Cisco Jabber RCE Inbound (CVE-2020-3495)2020-09-05

📋Vendor Advisories

1
Cisco
Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability2020-09-02

💬Community

1
Bugzilla
CVE-2020-1728 keycloak: security headers missing on REST endpoints2020-02-07
CVE-2020-3495 (HIGH CVSS 8.8) | A vulnerability in Cisco Jabber for | cvebase.io