Security advisories | Mar 25, 2021
Cisco Jabber Critical Vulnerability - CVE-2021-1411
THE THREAT
Cisco has announced multiple vulnerabilities impacting Cisco Jabber, a unified communications solution, affecting Windows, MacOS and mobile platforms.
The highest impact vulnerability from this release is a Remote Code Execution (RCE) vulnerability affecting Windows devices, tracked as CVE-2021-1411 (CVSS: 9.9). A previously authenticated threat actor could exploit vulnerable Cisco Jabber versions to execute arbitrary code as the user running a vulnerable Jabber client in victim environments.
Organizations are strongly recommended to apply the security update from Cisco before exploitation is identified in the wild.
What we’re doing about it
- MVS will automatically add the relevant plugins for these vulnerabilities once details are made available
- eSentire security teams continue to track this topic and additional detection measures are currently under review
What you should do about it
- After performing a business impact review, apply the relevant security patches provided by Cisco
- Workarounds are not available for this vulnerability, increasing the importance of applying the official security patch
Additional information
Vulnerabilities Announced:
- CVE-2021-1411: (CVSS: 9.9) Cisco Jabber Arbitrary Program Execution Vulnerability
- Impacts Cisco Jabber on Windows
- CVE-2021-1469: (CVSS: 7.2) Cisco Jabber Arbitrary Program Execution Vulnerability
- Impacts Cisco Jabber on Windows
- CVE-2021-1417: (CVSS: 5.6) Cisco Jabber Information Disclosure Vulnerability
- Impacts Cisco Jabber on Windows
- CVE-2021-1471: (CVSS: 5.6) Cisco Jabber Certificate Validation Vulnerability
- Impacts Cisco Jabber on Windows, MacOS, Android, and iOS
- CVE-2021-1418: (CVSS: 4.3) Cisco Jabber Denial of Service Vulnerability
- Impacts Cisco Jabber on Windows, MacOS, Android, and iOS
None of the vulnerabilities listed in this advisory are known to be exploited in the wild or have functioning public Proof-of-Concept (PoC) exploit code at the time of writing. CVE-2021-1411 is likely to attract significant attention from both threat actors and security researchers.
References:
[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC