Cisco has addressed critical several security issues, one with a severity rating of 9.9/10. The primary flaw concerns Cisco Jabber software, a web conferencing and instant messaging app that allows users to send messages via Extensible Messaging and Presence Protocol (XMPP). The vulnerability was reported by Olav Sortland Thoresen of Watchcom. Cisco’s Product Security Incident Response Team (PSIRT) says that the flaw is not known to be currently exploited in the wild. The security flaw tracked as CVE-2021-1411 and rated by Cisco with a 9.9/10 severity score, and it is caused by improper input validation of incoming messages’ contents. To exploit this flaw, the attacker would have to be authenticated to an XMPP server and use the vulnerable server to send malicious XMPP messages. This vulnerability does not affect Cisco Jabber client software configured for Team Messaging or Phone-only modes. “A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, which could result in arbitrary code execution,” Cisco’s advisory explains. Four other bugs were patched that could enable remote attackers to execute arbitrary programs, gain access to sensitive information, and trigger denial-of-service states after exploiting them on devices running unpatched software.
Analyst Notes
If the Cisco Jabber application is not set to apply patches automatically, it is advised to apply this patch as soon as possible. It is always advised to download security and apply patches as soon as possible. To investigate any potential exploitation, check event logs on the Jabber server to determine whether any processes launched by the Jabber server as a parent process were out of the ordinary compared to normal operation of the Jabber server.
To Read More: https://www.bleepingcomputer.com/news/security/cisco-addresses-critical-bug-in-windows-macos-jabber-clients/
