eSentire White Logo

Security advisories | Mar 25, 2021

Cisco Jabber Critical Vulnerability - CVE-2021-1411

THE THREAT

Cisco has announced multiple vulnerabilities impacting Cisco Jabber, a unified communications solution, affecting Windows, MacOS and mobile platforms.

The highest impact vulnerability from this release is a Remote Code Execution (RCE) vulnerability affecting Windows devices, tracked as CVE-2021-1411 (CVSS: 9.9). A previously authenticated threat actor could exploit vulnerable Cisco Jabber versions to execute arbitrary code as the user running a vulnerable Jabber client in victim environments.

Organizations are strongly recommended to apply the security update from Cisco before exploitation is identified in the wild.

What we’re doing about it

  • MVS will automatically add the relevant plugins for these vulnerabilities once details are made available
  • eSentire security teams continue to track this topic and additional detection measures are currently under review

What you should do about it

  • After performing a business impact review, apply the relevant security patches provided by Cisco
    • Workarounds are not available for this vulnerability, increasing the importance of applying the official security patch

Additional information

Vulnerabilities Announced:

  • CVE-2021-1411: (CVSS: 9.9) Cisco Jabber Arbitrary Program Execution Vulnerability
    • Impacts Cisco Jabber on Windows
  • CVE-2021-1469: (CVSS: 7.2) Cisco Jabber Arbitrary Program Execution Vulnerability
    • Impacts Cisco Jabber on Windows
  • CVE-2021-1417: (CVSS: 5.6) Cisco Jabber Information Disclosure Vulnerability
    • Impacts Cisco Jabber on Windows
  • CVE-2021-1471: (CVSS: 5.6) Cisco Jabber Certificate Validation Vulnerability
    • Impacts Cisco Jabber on Windows, MacOS, Android, and iOS
  • CVE-2021-1418: (CVSS: 4.3) Cisco Jabber Denial of Service Vulnerability
    • Impacts Cisco Jabber on Windows, MacOS, Android, and iOS

None of the vulnerabilities listed in this advisory are known to be exploited in the wild or have functioning public Proof-of-Concept (PoC) exploit code at the time of writing. CVE-2021-1411 is likely to attract significant attention from both threat actors and security researchers.

References:

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC