ID

VAR-202012-0621


CVE

CVE-2020-27134


TITLE

Permission management vulnerabilities in multiple Cisco Jabber products

Trust: 0.8

sources: JVNDB: JVNDB-2020-014183

DESCRIPTION

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.

Cisco Jabber is a set of unified communication client solutions from Cisco. The program provides online status display, instant messaging, voice and other functions.

An input validation error vulnerability exists in Cisco Jabber due to improper validation of email content. An attacker can exploit the security vulnerability by sending a specially crafted XMPP message to the affected software. By interacting with the target user's message, the attacker can inject arbitrary script code in the Jabber message window interface.

Trust: 1.71

sources: NVD: CVE-2020-27134 // JVNDB: JVNDB-2020-014183 // VULHUB: VHN-370515

AFFECTED PRODUCTS

vendor: cisco, model: jabber for mobile platforms, scope: eq, version: 12.9(2)

Trust: 1.0

vendor: cisco, model: jabber for mobile platforms, scope: eq, version: 12.9(3)

Trust: 1.0

vendor: cisco, model: jabber for mobile platforms, scope: eq, version: 12.9(0)

Trust: 1.0

vendor: cisco, model: jabber, scope: eq, version: 12.9(0)

Trust: 1.0

vendor: cisco, model: jabber, scope: eq, version: 12.9(1)

Trust: 1.0

vendor: cisco, model: jabber, scope: eq, version: 12.9(2)

Trust: 1.0

vendor: cisco, model: jabber for mobile platforms, scope: eq, version: 12.9(1)

Trust: 1.0

vendor: cisco, model: jabber, scope: eq, version: 12.9(3)

Trust: 1.0

vendor: Cisco Systems, model: cisco jabber, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco jabber, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014183 // NVD: CVE-2020-27134

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-27134
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-27134
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-27134
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202012-852
value: CRITICAL

Trust: 0.6

VULHUB: VHN-370515
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-27134
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-370515
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-27134
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 2.0

NVD: CVE-2020-27134
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-370515 // JVNDB: JVNDB-2020-014183 // CNNVD: CNNVD-202012-852 // NVD: CVE-2020-27134 // NVD: CVE-2020-27134

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-201

Trust: 1.0

problemtype:Improper privilege management (CWE-269) [NVD evaluation]

Trust: 0.8

problemtype:CWE-269

Trust: 0.1

sources: VULHUB: VHN-370515 // JVNDB: JVNDB-2020-014183 // NVD: CVE-2020-27134

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-852

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-852

PATCH

title: cisco-sa-jabber-ZktzjpgO, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO

Trust: 0.8

title: Fix for the Cisco Jabber input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136562

Trust: 0.6

sources: JVNDB: JVNDB-2020-014183 // CNNVD: CNNVD-202012-852

EXTERNAL IDS

db: NVD, id: CVE-2020-27134

Trust: 2.5

db: JVNDB, id: JVNDB-2020-014183

Trust: 0.8

db: CNNVD, id: CNNVD-202012-852

Trust: 0.7

db: AUSCERT, id: ESB-2020.4378

Trust: 0.6

db: VULHUB, id: VHN-370515

Trust: 0.1

sources: VULHUB: VHN-370515 // JVNDB: JVNDB-2020-014183 // CNNVD: CNNVD-202012-852 // NVD: CVE-2020-27134

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jabber-zktzjpgo

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-27134

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.4378/

Trust: 0.6

sources: VULHUB: VHN-370515 // JVNDB: JVNDB-2020-014183 // CNNVD: CNNVD-202012-852 // NVD: CVE-2020-27134

SOURCES

db: VULHUB, id: VHN-370515
db: JVNDB, id: JVNDB-2020-014183
db: CNNVD, id: CNNVD-202012-852
db: NVD, id: CVE-2020-27134

LAST UPDATE DATE

2024-11-23T21:58:51.991000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-370515, date: 2021-10-19T00:00:00
db: JVNDB, id: JVNDB-2020-014183, date: 2021-08-04T07:45:00
db: CNNVD, id: CNNVD-202012-852, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2020-27134, date: 2024-11-21T05:20:46.550

SOURCES RELEASE DATE

db: VULHUB, id: VHN-370515, date: 2020-12-11T00:00:00
db: JVNDB, id: JVNDB-2020-014183, date: 2021-08-04T00:00:00
db: CNNVD, id: CNNVD-202012-852, date: 2020-12-10T00:00:00
db: NVD, id: CVE-2020-27134, date: 2020-12-11T17:15:13.277