Cisco Patches Wormable, Zero-Click Vulnerability in Jabber

Three months after addressing a critical flaw in Jabber for Windows, Cisco released patches for a similar vulnerability in the video conferencing and instant messaging client.

In early September, the company released fixes for a total of four security bugs in Jabber, the most severe of which featured a CVSS score of 9.9. It allowed attackers to execute arbitrary code remotely, through specially crafted Extensible Messaging and Presence Protocol (XMPP) messages.

Several weeks after patches were issued, Watchcom, the security firm that found the bugs, discovered that the released patches were insufficient. This led to the identification of three new bugs, one of which features a CVSS score of 9.9.

Tracked as CVE-2020-26085, the critical vulnerability is a cross-site scripting (XSS) issue that leads to remote code execution (RCE) on the underlying operating system, with elevated privileges.

Built on the Chromium Embedded Framework (CEF), Jabber uses HTML, CSS, and JavaScript for the UI, along with other technologies. The XSS, Watchcom explains, could be used to escape the CEF sandbox without user interaction.

Furthermore, with the payload delivered via instant messages, the vulnerability is wormable, the security firm explains. The bug, which exists because the content of messages is not properly validated, affects both Jabber for Windows and Jabber for macOS.
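The bug class described above, a chat client that renders untrusted message content inside an HTML/JavaScript UI, is easiest to see in a small rendering routine. The following is an added example written for this article; it is not code from Cisco, Watchcom or the Jabber client, and the message object, field names and template are assumptions. XMPP defines the message body as plain character data (RFC 6121), so the hardened version escapes every untrusted field before it can become part of the HTML a CEF-style view would parse.

```javascript
// Added example, not code from Cisco, Watchcom or the Jabber client.
// Two ways an HTML/JS chat UI (as Jabber is, on CEF) can put an XMPP message
// body on screen, and a check that shows why only one of them is safe.
// The message shape {from, body} is an assumption made for this example.

// Escape the five characters that carry meaning in HTML text and attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Constructed sample message whose body happens to contain markup.
const SAMPLE = {
  from: 'alice@example.org',
  body: 'meet at 5 <b>pm</b> <script>notify()</script>',
};

// Unsafe: the body is interpolated straight into an HTML string, so a
// subsequent innerHTML assignment would parse any tags it contains.
function renderUnsafe(msg) {
  return `<div class="msg"><span class="from">${msg.from}</span>: ${msg.body}</div>`;
}

// Hardened: every untrusted field is escaped, so the body reaches the DOM
// as text, never as markup.
function renderSafe(msg) {
  return `<div class="msg"><span class="from">${escapeHtml(msg.from)}</span>: ${escapeHtml(msg.body)}</div>`;
}

// Reviewer check: does any tag appear in the rendered output that did not
// come from the template itself? Only div/span are part of the template.
function containsForeignTag(html) {
  const allowed = new Set(['div', '/div', 'span', '/span']);
  const tags = html.match(/<\/?[a-zA-Z][^\s>/]*/g) || [];
  return tags.some((t) => !allowed.has(t.slice(1).toLowerCase()));
}

// Stand-alone demonstration.
console.log('unsafe leaks markup:', containsForeignTag(renderUnsafe(SAMPLE)));
console.log('safe leaks markup:  ', containsForeignTag(renderSafe(SAMPLE)));
console.log(renderSafe(SAMPLE));
```

The `containsForeignTag` check is deliberately crude: it is a review aid for spotting rendering paths that interpolate raw message fields, not a substitute for escaping at the point of output.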

“An attacker could exploit this vulnerability by sending specially crafted XMPP messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution,” Cisco explains.

Watchcom also discovered two medium-severity issues in Jabber (CVE-2020-27132 and CVE-2020-27127). The former can lead to leaking NTLM password hashes, while the latter could result in the attacker sending arbitrary input to the Jabber client, by tricking the user into clicking on a link.

Internally, Cisco identified two other issues in Jabber, both rated high severity. The first of them, CVE-2020-27134 (CVSS score of 8.0), is an arbitrary script injection in Jabber for Windows and Jabber for macOS. Requiring user interaction, the flaw could lead to the execution of arbitrary programs or the leakage of sensitive information.

The second issue, CVE-2020-27133 (CVSS score of 8.8), affects Jabber for Windows and could lead to the execution of arbitrary commands. The attacker needs to convince the user to click on a link.

While there are no workarounds to mitigate these issues, Cisco has addressed them with software updates for the Windows, macOS, Android, and iOS Jabber clients. The company says it is not aware of these flaws being targeted in attacks.

“Since some of the vulnerabilities are wormable, organizations should consider disabling communication with external organizations through Cisco Jabber until all employees have installed the update. This can be done by disabling XMPP federation or configuring a policy for XMPP federation,” Watchcom notes.

Related: Cisco Patches Publicly Disclosed Vulnerabilities in Security Manager

Related: Cisco Patches 17 High-Severity Vulnerabilities in Security Appliances

Related: Cisco Patches 34 High-Severity Vulnerabilities in IOS Software

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
