ID

VAR-202012-0620


CVE

CVE-2020-27133


TITLE

Permission management vulnerabilities in multiple Cisco Jabber products

Trust: 0.8

sources: JVNDB: JVNDB-2020-014182

DESCRIPTION

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Jabber is a set of unified communication client solutions from Cisco. The program provides online status display, instant messaging, voice and other functions. An authorization issue vulnerability exists in Cisco Jabber. The vulnerability is caused by the software allowing unauthenticated users to execute commands and by improper handling of input to the application protocol handler. An attacker could execute arbitrary commands on the target system without the privileges of the client software's user account.

Trust: 1.8

sources: NVD: CVE-2020-27133 // JVNDB: JVNDB-2020-014182 // VULHUB: VHN-370513 // VULMON: CVE-2020-27133

AFFECTED PRODUCTS

vendor: cisco, model: jabber for mobile platforms, scope: eq, version: 12.9(2)

Trust: 1.0

vendor: cisco, model: jabber for mobile platforms, scope: eq, version: 12.9(3)

Trust: 1.0

vendor: cisco, model: jabber for mobile platforms, scope: eq, version: 12.9(0)

Trust: 1.0

vendor: cisco, model: jabber, scope: eq, version: 12.9(0)

Trust: 1.0

vendor: cisco, model: jabber, scope: eq, version: 12.9(1)

Trust: 1.0

vendor: cisco, model: jabber, scope: eq, version: 12.9(2)

Trust: 1.0

vendor: cisco, model: jabber for mobile platforms, scope: eq, version: 12.9(1)

Trust: 1.0

vendor: cisco, model: jabber, scope: eq, version: 12.9(3)

Trust: 1.0

vendor: Cisco Systems, model: cisco jabber, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco jabber, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014182 // NVD: CVE-2020-27133

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27133
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-27133
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-27133
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202012-855
value: CRITICAL

Trust: 0.6

VULHUB: VHN-370513
value: HIGH

Trust: 0.1

VULMON: CVE-2020-27133
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-27133
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-370513
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27133
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 2.0

NVD: CVE-2020-27133
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-370513 // VULMON: CVE-2020-27133 // JVNDB: JVNDB-2020-014182 // CNNVD: CNNVD-202012-855 // NVD: CVE-2020-27133 // NVD: CVE-2020-27133

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-201

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-370513 // JVNDB: JVNDB-2020-014182 // NVD: CVE-2020-27133

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-855

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202012-855

PATCH

title: cisco-sa-jabber-ZktzjpgO
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO

Trust: 0.8

title: Cisco: Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-jabber-ZktzjpgO

Trust: 0.1

sources: VULMON: CVE-2020-27133 // JVNDB: JVNDB-2020-014182

EXTERNAL IDS

db: NVD, id: CVE-2020-27133

Trust: 2.6

db: JVNDB, id: JVNDB-2020-014182

Trust: 0.8

db: CNNVD, id: CNNVD-202012-855

Trust: 0.7

db: AUSCERT, id: ESB-2020.4378

Trust: 0.6

db: VULHUB, id: VHN-370513

Trust: 0.1

db: VULMON, id: CVE-2020-27133

Trust: 0.1

sources: VULHUB: VHN-370513 // VULMON: CVE-2020-27133 // JVNDB: JVNDB-2020-014182 // CNNVD: CNNVD-202012-855 // NVD: CVE-2020-27133

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jabber-zktzjpgo

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-27133

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.4378/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-370513 // VULMON: CVE-2020-27133 // JVNDB: JVNDB-2020-014182 // CNNVD: CNNVD-202012-855 // NVD: CVE-2020-27133

SOURCES

db: VULHUB, id: VHN-370513
db: VULMON, id: CVE-2020-27133
db: JVNDB, id: JVNDB-2020-014182
db: CNNVD, id: CNNVD-202012-855
db: NVD, id: CVE-2020-27133

LAST UPDATE DATE

2024-11-23T21:58:52.017000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-370513, date: 2020-12-11T00:00:00
db: VULMON, id: CVE-2020-27133, date: 2020-12-11T00:00:00
db: JVNDB, id: JVNDB-2020-014182, date: 2021-08-04T07:45:00
db: CNNVD, id: CNNVD-202012-855, date: 2020-12-16T00:00:00
db: NVD, id: CVE-2020-27133, date: 2024-11-21T05:20:46.447

SOURCES RELEASE DATE

db: VULHUB, id: VHN-370513, date: 2020-12-11T00:00:00
db: VULMON, id: CVE-2020-27133, date: 2020-12-11T00:00:00
db: JVNDB, id: JVNDB-2020-014182, date: 2021-08-04T00:00:00
db: CNNVD, id: CNNVD-202012-855, date: 2020-12-10T00:00:00
db: NVD, id: CVE-2020-27133, date: 2020-12-11T17:15:13.197