Cisco is again patching major vulnerabilities in Jabber that enabled RCE

Cisco has once again patched a remote code execution vulnerability in its Jabber messaging software. The hole, which came to light in September, turned out to have been incorrectly patched at the time and is now being addressed again by Cisco. The hole has been given a CVSS score of 9.9.

This is a vulnerability in the chat section of Jabber. With a single message that gave no indication that anything was wrong, an attacker could obtain remote code execution privileges on the target. This is because the app is unable to properly filter malicious elements. The target can be any user, and the only solution is to update to the recently released version; there are no workarounds and all platforms are affected. Both in September and now, it is the security company Watchcom that has raised the alarm.

The vulnerabilities are CVE-2020-26085, 27132 and 27127. In its report, Cisco gives an overview of which versions of its releases no longer have the vulnerability. The advice of the security company that exposed the vulnerabilities, then and now, is to update immediately and to block external communications until that is done.

Proof of concept at the time of the first announcement, early September 2020
