News

Cisco is again patching major vulnerabilities in Jabber that enabled rce

By admin
Spread the love

Cisco has again fixed a remote code execution vulnerability in its Jabber messaging software. The hole, which came to light in September, turned out to be incorrectly patched at the time and now treated again by Cisco. The hole is given a CVSS score of 9.9.

This is a vulnerability in the chat section of Jabber. An attacker could gain remote code execution privileges from the target with a single message that could not be identified as being wrong. This is because the app is unable to properly filter malicious elements. The target can be any user and the only solution is to update to the recently released version; there are no workarounds and all platforms are affected. Both in September and now, the security company Watchcom is calling the shots.

The vulnerabilities are CVE-2020-26085, 27132, 27133, 27134 and 27127. In its report, Cisco has an overview of which versions of its releases no longer have the vulnerability. The advice of the security company that exposes the vulnerabilities then and now is to update immediately and block external communications until that is done.

Proof of concept at the time of the first announcement, early September 2020

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support