CVE-2020-3537Sensitive Information Exposure in Cisco Jabber

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
5.7MEDIUMNVD
GHSA7.5
EPSS
0.3%
top 50.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco JabberCisco Jabber
Timeline
PublishedSep 4
Latest updateMay 24

Description

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

NVDcisco/jabber12.112.1.3+5
CVEListV5cisco/cisco_jabbern/a

🔴Vulnerability Details

3
GHSA
GHSA-fg68-5m2x-55qr: A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information2022-05-24
GHSA
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.122021-05-17
CVEList
Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability2020-09-04

📋Vendor Advisories

1
Cisco
Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability2020-09-02
CVE-2020-3537 — Sensitive Information Exposure in Cisco | cvebase