Details of VAR-202012-0618

ID

VAR-202012-0618

CVE

CVE-2020-27127

TITLE

plural Cisco Jabber Product Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2020-014180

DESCRIPTION

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Jabber is a set of unified communication client solutions of Cisco (Cisco). The program provides online status display, instant messaging, voice and other functions

Trust: 1.71

sources: NVD: CVE-2020-27127 // JVNDB: JVNDB-2020-014180 // VULHUB: VHN-370501

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber for mobile platforms	scope:	eq	version:	12.9\(2\)	Trust: 1.0
vendor:	cisco	model:	jabber for mobile platforms	scope:	eq	version:	12.9\(3\)	Trust: 1.0
vendor:	cisco	model:	jabber for mobile platforms	scope:	eq	version:	12.9\(0\)	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	eq	version:	12.9\(0\)	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	eq	version:	12.9\(1\)	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	eq	version:	12.9\(2\)	Trust: 1.0
vendor:	cisco	model:	jabber for mobile platforms	scope:	eq	version:	12.9\(1\)	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	eq	version:	12.9\(3\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco jabber	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco jabber	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014180 // NVD: CVE-2020-27127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-27127
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-27127
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-27127
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202012-861
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-370501
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-27127
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-370501
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-27127
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	6.0
version:	3.1
Trust: 2.0
NVD:	CVE-2020-27127
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-370501 // JVNDB: JVNDB-2020-014180 // CNNVD: CNNVD-202012-861 // NVD: CVE-2020-27127 // NVD: CVE-2020-27127

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	CWE-201	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-370501 // JVNDB: JVNDB-2020-014180 // NVD: CVE-2020-27127

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-861

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-861

PATCH

title:	cisco-sa-jabber-ZktzjpgO	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO	Trust: 0.8
title:	Cisco Jabber Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136594	Trust: 0.6

sources: JVNDB: JVNDB-2020-014180 // CNNVD: CNNVD-202012-861

EXTERNAL IDS

db:	NVD	id:	CVE-2020-27127	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-014180	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-861	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.4378	Trust: 0.6
db:	VULHUB	id:	VHN-370501	Trust: 0.1

sources: VULHUB: VHN-370501 // JVNDB: JVNDB-2020-014180 // CNNVD: CNNVD-202012-861 // NVD: CVE-2020-27127

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jabber-zktzjpgo	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27127	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.4378/	Trust: 0.6

sources: VULHUB: VHN-370501 // JVNDB: JVNDB-2020-014180 // CNNVD: CNNVD-202012-861 // NVD: CVE-2020-27127

SOURCES

db:	VULHUB	id:	VHN-370501
db:	JVNDB	id:	JVNDB-2020-014180
db:	CNNVD	id:	CNNVD-202012-861
db:	NVD	id:	CVE-2020-27127

LAST UPDATE DATE

2024-11-23T21:58:52.045000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-370501	date:	2020-12-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-014180	date:	2021-08-04T07:45:00
db:	CNNVD	id:	CNNVD-202012-861	date:	2020-12-16T00:00:00
db:	NVD	id:	CVE-2020-27127	date:	2024-11-21T05:20:45.827

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-370501	date:	2020-12-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-014180	date:	2021-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202012-861	date:	2020-12-10T00:00:00
db:	NVD	id:	CVE-2020-27127	date:	2020-12-11T17:15:12.980