Watchcom reviewed the fixes after a customer requested an audit to verify that the bugs had been sufficiently mitigated in existing Cisco fixes. He found that the bugs had not been mitigated.
Two of the three poorly fixed bugs can be used to achieve remote code execution. One of them can also be used to get NT LAN Manager (NTLM) password hashes from users voice engineer job.
“Two of the vulnerabilities are due to the ability to inject custom HTML tags into XMPP messages,” says Watchcom penetration tester Fredrik Bugge Lyche. “The patch released in September only patched specific injection points that Watchcom had identified. The underlying problem has not been addressed. We were therefore able to find new injection points that could be used to exploit vulnerabilities"
"Disable communication with external organizations via Cisco Jabber"
“As some of the vulnerabilities are old, organizations should consider disabling communication with external organizations through Cisco Jabber until all employees have installed the update,” he adds.
Cisco also found two other bugs in Jabber during internal testing. They are tracked as CVE-2020-27133 and CVE-2020-27134.
CVE-2020-27134 is a vulnerability in the processing functionality of application protocols of Jabber for Windows, which has a severity rating of 8 out of 10.
CVE-2020-27133 has a severity rating of 8.8 out of 10 and affects Jabber for Windows and Jabber for MacOS. It can allow an authenticated and remote attacker to access sensitive information.
No comments:
Post a Comment