Details of VAR-202009-1137

ID

VAR-202009-1137

CVE

CVE-2020-3430

TITLE

Windows for Cisco Jabber In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-010745

DESCRIPTION

A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software. Windows for Cisco Jabber Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Both Cisco Jabber for Windows and Cisco Jabber are products of Cisco. Cisco Jabber for Windows is a unified communication client solution for Windows platform. The program provides online status display, instant messaging, voice and other functions. Cisco Jabber is a unified communications client solution. The program provides online status display, instant messaging, voice and other functions. There is a security vulnerability in Cisco Jabber based on the Windows platform

Trust: 1.71

sources: NVD: CVE-2020-3430 // JVNDB: JVNDB-2020-010745 // VULHUB: VHN-181555

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber	scope:	lt	version:	12.5.2	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.8.3	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.7	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.5	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.6.3	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.9.1	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.6	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.1.3	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.1	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.7.2	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.9	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.8	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco jabber	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco jabber	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-010745 // NVD: CVE-2020-3430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3430
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3430
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3430
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202009-127
value:	HIGH
Trust: 0.6
VULHUB:	VHN-181555
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3430
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-181555
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3430
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3430
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181555 // JVNDB: JVNDB-2020-010745 // CNNVD: CNNVD-202009-127 // NVD: CVE-2020-3430 // NVD: CVE-2020-3430

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	OS Command injection (CWE-78) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181555 // JVNDB: JVNDB-2020-010745 // NVD: CVE-2020-3430

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-127

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202009-127

PATCH

title:

cisco-sa-jabber-vY8M4KGB

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-vY8M4KGB

Trust: 0.8

sources: JVNDB: JVNDB-2020-010745

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3430	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-010745	Trust: 0.8
db:	CNNVD	id:	CNNVD-202009-127	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3026	Trust: 0.6
db:	NSFOCUS	id:	49085	Trust: 0.6
db:	VULHUB	id:	VHN-181555	Trust: 0.1

sources: VULHUB: VHN-181555 // JVNDB: JVNDB-2020-010745 // CNNVD: CNNVD-202009-127 // NVD: CVE-2020-3430

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jabber-vy8m4kgb	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3430	Trust: 1.4
url:	http://www.nsfocus.net/vulndb/49085	Trust: 0.6
url:	https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-043.pdf	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3026/	Trust: 0.6

sources: VULHUB: VHN-181555 // JVNDB: JVNDB-2020-010745 // CNNVD: CNNVD-202009-127 // NVD: CVE-2020-3430

SOURCES

db:	VULHUB	id:	VHN-181555
db:	JVNDB	id:	JVNDB-2020-010745
db:	CNNVD	id:	CNNVD-202009-127
db:	NVD	id:	CVE-2020-3430

LAST UPDATE DATE

2024-11-23T22:21:02.259000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181555	date:	2020-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-010745	date:	2021-02-03T02:26:00
db:	CNNVD	id:	CNNVD-202009-127	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2020-3430	date:	2024-11-21T05:31:03.293

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181555	date:	2020-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-010745	date:	2021-02-03T00:00:00
db:	CNNVD	id:	CNNVD-202009-127	date:	2020-09-02T00:00:00
db:	NVD	id:	CVE-2020-3430	date:	2020-09-04T03:15:10.013