Sign-up

ID

VAR-202012-0619


CVE

CVE-2020-27132


TITLE

plural  Cisco Jabber  Product permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-014181

DESCRIPTION

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. Microsoft Windows is a desktop operating system of Microsoft Corporation. Cisco Jabber has an input validation error vulnerability, which is caused by the software's incorrect validation of email content. An attacker could exploit this vulnerability by sending a specially crafted message to the targeted system. A successful exploit could allow an attacker to cause the application to return sensitive authentication information to another system, possibly for further attacks

Trust: 1.71

sources: NVD: CVE-2020-27132 // JVNDB: JVNDB-2020-014181 // VULHUB: VHN-370511

AFFECTED PRODUCTS

vendor:ciscomodel:jabber for mobile platformsscope:eqversion:12.9\(2\)

Trust: 1.0

vendor:ciscomodel:jabber for mobile platformsscope:eqversion:12.9\(3\)

Trust: 1.0

vendor:ciscomodel:jabber for mobile platformsscope:eqversion:12.9\(0\)

Trust: 1.0

vendor:ciscomodel:jabberscope:eqversion:12.9\(0\)

Trust: 1.0

vendor:ciscomodel:jabberscope:eqversion:12.9\(1\)

Trust: 1.0

vendor:ciscomodel:jabberscope:eqversion:12.9\(2\)

Trust: 1.0

vendor:ciscomodel:jabber for mobile platformsscope:eqversion:12.9\(1\)

Trust: 1.0

vendor:ciscomodel:jabberscope:eqversion:12.9\(3\)

Trust: 1.0

vendor:シスコシステムズmodel:cisco jabberscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco jabberscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014181 // NVD: CVE-2020-27132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27132
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-27132
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-27132
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202012-857
value: CRITICAL

Trust: 0.6

VULHUB: VHN-370511
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-27132
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-370511
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27132
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 2.0

NVD: CVE-2020-27132
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-370511 // JVNDB: JVNDB-2020-014181 // CNNVD: CNNVD-202012-857 // NVD: CVE-2020-27132 // NVD: CVE-2020-27132

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-201

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-370511 // JVNDB: JVNDB-2020-014181 // NVD: CVE-2020-27132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-857

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202012-857

PATCH

title:cisco-sa-jabber-ZktzjpgOurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO

Trust: 0.8

title:Cisco Jabber Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136566

Trust: 0.6

sources: JVNDB: JVNDB-2020-014181 // CNNVD: CNNVD-202012-857

EXTERNAL IDS

db:NVDid:CVE-2020-27132

Trust: 2.5

db:JVNDBid:JVNDB-2020-014181

Trust: 0.8

db:CNNVDid:CNNVD-202012-857

Trust: 0.7

db:AUSCERTid:ESB-2020.4378

Trust: 0.6

db:VULHUBid:VHN-370511

Trust: 0.1

sources: VULHUB: VHN-370511 // JVNDB: JVNDB-2020-014181 // CNNVD: CNNVD-202012-857 // NVD: CVE-2020-27132

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jabber-zktzjpgo

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-27132

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.4378/

Trust: 0.6

sources: VULHUB: VHN-370511 // JVNDB: JVNDB-2020-014181 // CNNVD: CNNVD-202012-857 // NVD: CVE-2020-27132

SOURCES

db:VULHUBid:VHN-370511
db:JVNDBid:JVNDB-2020-014181
db:CNNVDid:CNNVD-202012-857
db:NVDid:CVE-2020-27132

LAST UPDATE DATE

2024-11-23T21:58:52.094000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-370511date:2020-12-11T00:00:00
db:JVNDBid:JVNDB-2020-014181date:2021-08-04T07:45:00
db:CNNVDid:CNNVD-202012-857date:2020-12-16T00:00:00
db:NVDid:CVE-2020-27132date:2024-11-21T05:20:46.337

SOURCES RELEASE DATE

db:VULHUBid:VHN-370511date:2020-12-11T00:00:00
db:JVNDBid:JVNDB-2020-014181date:2021-08-04T00:00:00
db:CNNVDid:CNNVD-202012-857date:2020-12-10T00:00:00
db:NVDid:CVE-2020-27132date:2020-12-11T17:15:13.120