Discovered a particularly dangerous vulnerability in Cisco Jabber video conferencing software
Network equipment maker Cisco has released a new version of its Jabber web conferencing and messaging application for Windows 10. This new release includes fixes for many of the vulnerabilities that, if exploited, can expose them. allow hackers to attack, install and run arbitrary software on the victim's machine.
The vulnerabilities, discovered by Norwegian cybersecurity firm Watchcom, affect all active versions of Cisco Jabber. And for now, they have been patched by Cisco.
Two of the four vulnerabilities can be exploited to install and run arbitrary software on a victim's machine by sending messages specifically designed for group or individual chats.
The most serious of these was the codenamed CVE-2020-3495 vulnerability, a CVSS hazard rating of 9.9. This vulnerability leads to incorrect message content validation, so hackers can use them to send messages designed according to Extensible Messaging and Presence Protocol (XMPP).
"When the exploit is successful, the hacker can cause the application to launch arbitrary programs on the victim's system with the privileges of the user account running Cisco Jabber. From there, the hacker can run any code. or any software, " Cisco revealed.
Just a few days ago, Cisco had to warn of a zero-day vulnerability being actively exploited by hackers in the software of the IOS XR router.
Cisco recommends that users update to the latest version of Jabber software immediately.
You should read it
- Review the Cisco RV180 VPN router
- List the default password of Cisco routers and switches
- 4 places to help you learn skills and get Cisco certification
- 5 best Cisco network device monitoring tools
- Cisco security equipment is targeted at DoS attacks through an old vulnerability
- Instructions for configuring Cisco routers
- 10 commands to master when working with Cisco IOS
- Warning: Detecting more than 1000 Cisco router and switch devices in Vietnam has a serious security error
May be interested
- VMware patches RCE Spring4Shell vulnerability on a wide range of productsvmware has released a number of security updates to patch remote code execution for a dangerous vulnerability called spring4shell in the company's virtual machine and cloud products.
- Review the Cisco RV180 VPN routercisco's small business router lineup has many models. today's article will review the cisco rv180 vpn router. this router has wifi 802.11b / g / n standard, 2.4ghz band, supports 4 ssids based on vlan ...
- Huawei software hides a dangerous vulnerability that puts its MateBook at risk of being hackedthanks to the windows defender advanced threat protection (atp) protection mechanism, microsoft discovered two different vulnerabilities in huawei's windows pc manager software running on its windows platform that allowed hackers to take over the system's highest control. system.
- Authentication tool on many enterprise VPN applications that are bypassed by hackerssecurity experts have recently discovered that many corporate vpn applications are developed by software companies like palo alto networks, pulse secure, cisco and f5 networks that are hosting authentication cookies and session cookies. unsafe way of scene, capable of allowing an attacker to ignore the default authentication feature.
- Google integrates a video conferencing service directly into Gmailgoogle continues to actively develop its own video conferencing service by trying to make it more accessible to users.
- Google discovered a dangerous zero day vulnerability on many Samsung Galaxy, Huawei, Xiaomi and even Pixel phonesthis vulnerability affects many major phone companies including huawei p20, pixel 1 and pixel 2, xiaomi, samsung with galaxy s7, s8 and s9 ... and most likely exploited by hackers.
- Facebook introduces Workplace Rooms: Supports enterprise-level online conferencingnew video chat feature specific to workplace platform.
- Warning: Detecting more than 1000 Cisco router and switch devices in Vietnam has a serious security errorthere are more than 1000 cisco router and switch devices in vietnam (all devices used in large network environments and core systems) are subject to serious security errors.
- 5 best Cisco network device monitoring toolsnetwork monitoring is essential because it can help prevent attacks and solve problems before they cause financial loss to your organization.
- The student was suspended from school because he found a hole in the school's software systemthe student also discovered another vulnerability affecting 5000 different schools.