Details of VAR-202009-1178

ID

VAR-202009-1178

CVE

CVE-2020-3498

TITLE

Cisco Jabber Software input verification vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-010751

DESCRIPTION

A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks. Cisco Jabber The software contains an input verification vulnerability.Information may be obtained. Cisco Jabber is a set of unified communication client solutions of Cisco (Cisco). The program provides online status display, instant messaging, voice and other functions

Trust: 1.71

sources: NVD: CVE-2020-3498 // JVNDB: JVNDB-2020-010751 // VULHUB: VHN-181623

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber	scope:	lt	version:	12.5.2	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.8.3	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.7	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.5	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.6.3	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.9.1	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.6	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.1.3	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.1	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.7.2	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.9	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.8	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco jabber	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco jabber	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-010751 // NVD: CVE-2020-3498

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3498
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3498
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-3498
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202009-088
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181623
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3498
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-181623
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3498
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3498
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181623 // JVNDB: JVNDB-2020-010751 // CNNVD: CNNVD-202009-088 // NVD: CVE-2020-3498 // NVD: CVE-2020-3498

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-200	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181623 // JVNDB: JVNDB-2020-010751 // NVD: CVE-2020-3498

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-088

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202009-088

PATCH

title:

cisco-sa-jabber-ttcgB9R3

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3

Trust: 0.8

sources: JVNDB: JVNDB-2020-010751

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3498	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-010751	Trust: 0.8
db:	CNNVD	id:	CNNVD-202009-088	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3026	Trust: 0.6
db:	NSFOCUS	id:	49087	Trust: 0.6
db:	CNVD	id:	CNVD-2020-51776	Trust: 0.1
db:	VULHUB	id:	VHN-181623	Trust: 0.1

sources: VULHUB: VHN-181623 // JVNDB: JVNDB-2020-010751 // CNNVD: CNNVD-202009-088 // NVD: CVE-2020-3498

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jabber-ttcgb9r3	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3498	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3026/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/49087	Trust: 0.6

sources: VULHUB: VHN-181623 // JVNDB: JVNDB-2020-010751 // CNNVD: CNNVD-202009-088 // NVD: CVE-2020-3498

SOURCES

db:	VULHUB	id:	VHN-181623
db:	JVNDB	id:	JVNDB-2020-010751
db:	CNNVD	id:	CNNVD-202009-088
db:	NVD	id:	CVE-2020-3498

LAST UPDATE DATE

2024-11-23T22:21:02.284000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181623	date:	2021-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-010751	date:	2021-02-03T02:26:00
db:	CNNVD	id:	CNNVD-202009-088	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2020-3498	date:	2024-11-21T05:31:11.687

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181623	date:	2020-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-010751	date:	2021-02-03T00:00:00
db:	CNNVD	id:	CNNVD-202009-088	date:	2020-09-02T00:00:00
db:	NVD	id:	CVE-2020-3498	date:	2020-09-04T03:15:10.527