Particularly dangerous vulnerability discovered in Cisco Jabber video conferencing software
Network equipment maker Cisco has released a new version of its Jabber web conferencing and messaging application for Windows 10. This new release includes fixes for many vulnerabilities that, if exploited, can allow hackers to attack, install and run arbitrary software on the victim's machine.
The vulnerabilities, discovered by Norwegian cybersecurity firm Watchcom, affect all active versions of Cisco Jabber. Cisco has now patched them.
Two of the four vulnerabilities can be exploited to install and run arbitrary software on a victim's machine by sending specially crafted messages in group or individual chats.
The most serious of these is the vulnerability tracked as CVE-2020-3495, which has a CVSS severity rating of 9.9. It stems from improper validation of message contents, so hackers can exploit it by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages.
"When the exploit is successful, the hacker can cause the application to launch arbitrary programs on the victim's system with the privileges of the user account running Cisco Jabber. From there, the hacker can run any code or any software," Cisco revealed.
Just a few days ago, Cisco had to warn of a zero-day vulnerability in its IOS XR router software that is being actively exploited by hackers.
Cisco recommends that users update to the latest version of Jabber software immediately.