ID

VAR-202009-1152


CVE

CVE-2020-3537


TITLE

Cisco Jabber for Windows software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-010753

DESCRIPTION

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a remote system, possibly allowing the attacker to gain access to sensitive information that the attacker could use in additional attacks. Both Cisco Jabber for Windows and Cisco Jabber are products of Cisco. Cisco Jabber is a unified communications client solution. The program provides online status display, instant messaging, voice and other functions.

Trust: 1.71

sources: NVD: CVE-2020-3537 // JVNDB: JVNDB-2020-010753 // VULHUB: VHN-181662

AFFECTED PRODUCTS

vendor: cisco, model: jabber, scope: lt, version: 12.5.2

Trust: 1.0

vendor: cisco, model: jabber, scope: lt, version: 12.8.3

Trust: 1.0

vendor: cisco, model: jabber, scope: gte, version: 12.7

Trust: 1.0

vendor: cisco, model: jabber, scope: gte, version: 12.5

Trust: 1.0

vendor: cisco, model: jabber, scope: lt, version: 12.6.3

Trust: 1.0

vendor: cisco, model: jabber, scope: lt, version: 12.9.1

Trust: 1.0

vendor: cisco, model: jabber, scope: gte, version: 12.6

Trust: 1.0

vendor: cisco, model: jabber, scope: lt, version: 12.1.3

Trust: 1.0

vendor: cisco, model: jabber, scope: gte, version: 12.1

Trust: 1.0

vendor: cisco, model: jabber, scope: lt, version: 12.7.2

Trust: 1.0

vendor: cisco, model: jabber, scope: gte, version: 12.9

Trust: 1.0

vendor: cisco, model: jabber, scope: gte, version: 12.8

Trust: 1.0

vendor: Cisco Systems, model: cisco jabber, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco jabber, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010753 // NVD: CVE-2020-3537

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-3537
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3537
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3537
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202009-084
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181662
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-3537
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181662
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-3537
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2020-3537
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181662 // JVNDB: JVNDB-2020-010753 // CNNVD: CNNVD-202009-084 // NVD: CVE-2020-3537 // NVD: CVE-2020-3537

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:Improper input validation (CWE-20) [NVD Evaluation]

Trust: 0.8

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-181662 // JVNDB: JVNDB-2020-010753 // NVD: CVE-2020-3537

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-084

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202009-084

PATCH

title: cisco-sa-jabber-G3NSjPn7, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-G3NSjPn7

Trust: 0.8

sources: JVNDB: JVNDB-2020-010753

EXTERNAL IDS

db: NVD, id: CVE-2020-3537

Trust: 2.5

db: JVNDB, id: JVNDB-2020-010753

Trust: 0.8

db: CNNVD, id: CNNVD-202009-084

Trust: 0.7

db: NSFOCUS, id: 49088

Trust: 0.6

db: AUSCERT, id: ESB-2020.3026

Trust: 0.6

db: VULHUB, id: VHN-181662

Trust: 0.1

sources: VULHUB: VHN-181662 // JVNDB: JVNDB-2020-010753 // CNNVD: CNNVD-202009-084 // NVD: CVE-2020-3537

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jabber-g3nsjpn7

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3537

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3026/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49088

Trust: 0.6

sources: VULHUB: VHN-181662 // JVNDB: JVNDB-2020-010753 // CNNVD: CNNVD-202009-084 // NVD: CVE-2020-3537

SOURCES

db: VULHUB, id: VHN-181662
db: JVNDB, id: JVNDB-2020-010753
db: CNNVD, id: CNNVD-202009-084
db: NVD, id: CVE-2020-3537

LAST UPDATE DATE

2024-11-23T22:21:02.234000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181662, date: 2021-10-19T00:00:00
db: JVNDB, id: JVNDB-2020-010753, date: 2021-02-03T02:26:00
db: CNNVD, id: CNNVD-202009-084, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2020-3537, date: 2024-11-21T05:31:16.370

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181662, date: 2020-09-04T00:00:00
db: JVNDB, id: JVNDB-2020-010753, date: 2021-02-03T00:00:00
db: CNNVD, id: CNNVD-202009-084, date: 2020-09-02T00:00:00
db: NVD, id: CVE-2020-3537, date: 2020-09-04T03:15:10.730