Sign-up

ID

VAR-202101-0325


CVE

CVE-2020-26085


TITLE

plural  Cisco Jabber  In the product  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-015367

DESCRIPTION

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Jabber is a set of unified communication client solutions of Cisco (Cisco). The program provides online status display, instant messaging, voice and other functions

Trust: 1.71

sources: NVD: CVE-2020-26085 // JVNDB: JVNDB-2020-015367 // VULHUB: VHN-180128

AFFECTED PRODUCTS

vendor:ciscomodel:jabberscope:ltversion:12.8.4

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.9.4

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.6.4

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.5

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.7

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.8.5

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.7.3

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.5.3

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.1.4

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.6

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.9.3

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.9

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.8

Trust: 1.0

vendor:シスコシステムズmodel:cisco jabberscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco jabberscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015367 // NVD: CVE-2020-26085

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26085
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26085
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-26085
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202012-863
value: CRITICAL

Trust: 0.6

VULHUB: VHN-180128
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-26085
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-180128
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-26085
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 2.0

NVD: CVE-2020-26085
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-180128 // JVNDB: JVNDB-2020-015367 // CNNVD: CNNVD-202012-863 // NVD: CVE-2020-26085 // NVD: CVE-2020-26085

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-201

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-180128 // JVNDB: JVNDB-2020-015367 // NVD: CVE-2020-26085

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-863

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202012-863

PATCH

title:cisco-sa-jabber-ZktzjpgOurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO

Trust: 0.8

title:Jabber Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136571

Trust: 0.6

sources: JVNDB: JVNDB-2020-015367 // CNNVD: CNNVD-202012-863

EXTERNAL IDS

db:NVDid:CVE-2020-26085

Trust: 2.5

db:JVNDBid:JVNDB-2020-015367

Trust: 0.8

db:CNNVDid:CNNVD-202012-863

Trust: 0.7

db:AUSCERTid:ESB-2020.4378

Trust: 0.6

db:VULHUBid:VHN-180128

Trust: 0.1

sources: VULHUB: VHN-180128 // JVNDB: JVNDB-2020-015367 // CNNVD: CNNVD-202012-863 // NVD: CVE-2020-26085

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jabber-zktzjpgo

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-26085

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.4378/

Trust: 0.6

sources: VULHUB: VHN-180128 // JVNDB: JVNDB-2020-015367 // CNNVD: CNNVD-202012-863 // NVD: CVE-2020-26085

SOURCES

db:VULHUBid:VHN-180128
db:JVNDBid:JVNDB-2020-015367
db:CNNVDid:CNNVD-202012-863
db:NVDid:CVE-2020-26085

LAST UPDATE DATE

2024-11-23T21:58:52.069000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-180128date:2021-01-11T00:00:00
db:JVNDBid:JVNDB-2020-015367date:2021-09-17T07:52:00
db:CNNVDid:CNNVD-202012-863date:2021-01-20T00:00:00
db:NVDid:CVE-2020-26085date:2024-11-21T05:19:12.493

SOURCES RELEASE DATE

db:VULHUBid:VHN-180128date:2021-01-07T00:00:00
db:JVNDBid:JVNDB-2020-015367date:2021-09-17T00:00:00
db:CNNVDid:CNNVD-202012-863date:2020-12-10T00:00:00
db:NVDid:CVE-2020-26085date:2021-01-07T00:15:14.663