Wednesday 20 January 2021

Critical bug 9.9 / 10 at Cisco: Quickly fix this hole in Jabber for Windows and MacOS

Watchcom reported four vulnerabilities to Cisco earlier this year

According to Cisco, the bugs allow an attacker "to run arbitrary programs on the underlying operating system with elevated privileges or to access sensitive information." Customers have no choice but to install the latest updates to prevent attacks.

Norwegian security firm Watchcom discovered earlier this year that Jabber was vulnerable to a cross-site scripting (XSS) attack through XHTML-IM messages. Jabber did not properly sanitize incoming HTML messages and instead passed them through a faulty XSS filter.

Cisco notes that new message processing vulnerabilities can be exploited if an attacker can send Extensible Messaging and Presence Protocol (XMPP) messages to end user systems that are running Cisco Jabber. "Attackers may need access to the same XMPP domain or another access method to be able to send messages to clients," Cisco notes in a notice.

The three partially fixed bugs are tracked as CVE-2020-26085, CVE-2020-27127, and CVE-2020-27132.

Watchcom reported four vulnerabilities to Cisco earlier this year, and they were revealed by the network giant in September. But three of them weren't properly fixed in updates at the time, according to Watchcom.

Failed mitigation

Watchcom reviewed the fixes after a customer requested an audit to verify that the bugs had been sufficiently mitigated in existing Cisco fixes. It found that the bugs had not been mitigated.

Two of the three poorly fixed bugs can be used to achieve remote code execution. One of them can also be used to get NT LAN Manager (NTLM) password hashes from users.

“Two of the vulnerabilities are due to the ability to inject custom HTML tags into XMPP messages,” says Watchcom penetration tester Fredrik Bugge Lyche. “The patch released in September only patched specific injection points that Watchcom had identified. The underlying problem has not been addressed. We were therefore able to find new injection points that could be used to exploit vulnerabilities
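The gap between patching individual injection points and fixing the underlying sanitization problem, shown as an added example (not Cisco's or Watchcom's code): a filter that strips one known-bad attribute, next to one that rebuilds an XHTML-IM body from an allowlist. The allowlist contents, the function names and the sample message are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Illustrative allowlist: an assumption for this example, not Cisco's filter.
ALLOWED = {"body": set(), "p": set(), "br": set(), "span": set(),
           "strong": set(), "em": set(), "a": {"href"}, "img": {"src", "alt"}}
SAFE_SCHEMES = {"http", "https"}
SAMPLE = (  # constructed message body, not a captured one
    '<body xmlns="http://www.w3.org/1999/xhtml"><p>hi '
    '<img src="https://example.com/a.png" onerror="x()" onload="y()"/>'
    '<a href="javascript:z()">link</a><script>w()</script> bye</p></body>')

def local(name):  # drop an XML namespace: '{ns}tag' -> 'tag'
    return name.rsplit("}", 1)[-1].lower()

def blocklist_filter(elem, known_bad=("onerror",)):
    """Point fix: strip only the attributes already reported as abused."""
    for node in elem.iter():
        for attr in [a for a in node.attrib if local(a) in known_bad]:
            del node.attrib[attr]
    return elem

def allowlist_filter(elem):
    """Rebuild the tree from allowlisted tags and attributes only."""
    tag = local(elem.tag)
    if tag not in ALLOWED:
        return None  # unknown element: drop it and its subtree
    clean = ET.Element(tag)
    clean.text = elem.text
    for attr, value in elem.attrib.items():
        name = local(attr)
        if name not in ALLOWED[tag]:
            continue  # event handlers and anything else unlisted
        if name in ("href", "src") and urlsplit(value.strip()).scheme not in SAFE_SCHEMES:
            continue  # only absolute http(s) URLs survive
        clean.set(name, value)
    for child in elem:
        kept = allowlist_filter(child)
        if kept is not None:
            kept.tail = child.tail
            clean.append(kept)
        elif child.tail and len(clean):  # keep text after a dropped element
            clean[-1].tail = (clean[-1].tail or "") + child.tail
        elif child.tail:
            clean.text = (clean.text or "") + child.tail
    return clean

def render(filter_fn, message=SAMPLE):
    return ET.tostring(filter_fn(ET.fromstring(message)), encoding="unicode")
```

`ET.fromstring` is used here only because the input is a constructed string; untrusted XML should go through a hardened parser such as `defusedxml`.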
