However, successful exploitation of CVE-2021-1411-which doesn't require user interaction-can enable authenticated, remote attackers to execute arbitrary programs on Windows, macOS, Android, or iOS devices running unpatched Jabber client software. Luckily, to exploit this critical bug, attackers need to be authenticated to an XMPP server used by the vulnerable software to send maliciously-crafted XMPP messages to their target's device.Īdditionally, the vulnerability does not affect Cisco Jabber client software configured for Team Messaging or Phone-only modes. The security flaw tracked as CVE-2021-1411 was rated by Cisco with a 9.9/10 severity score, and it is caused by improper input validation of incoming messages' contents.
Cisco's Product Security Incident Response Team (PSIRT) says that the flaw is not currently exploited in the wild. The vulnerability was reported by Olav Sortland Thoresen of Watchcom. Cisco has addressed a critical arbitrary program execution vulnerability impacting several versions of Cisco Jabber client software for Windows, macOS, Android, and iOS.Ĭisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol (XMPP).
0 kommentar(er)
