Sign-up

ID

VAR-202103-0529


CVE

CVE-2021-1418


TITLE

plural  Cisco Jabber  Inappropriate in the product  NULL  Vulnerability regarding termination by

Trust: 0.8

sources: JVNDB: JVNDB-2021-006417

DESCRIPTION

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. The program provides online status display, instant messaging, voice and other functions

Trust: 1.8

sources: NVD: CVE-2021-1418 // JVNDB: JVNDB-2021-006417 // VULHUB: VHN-374472 // VULMON: CVE-2021-1418

AFFECTED PRODUCTS

vendor:ciscomodel:jabberscope:gteversion:12.7.0

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.9.0

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.1.5

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.7.4

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.8.5

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.8.0

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.6.0

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.8.7

Trust: 1.0

vendor:ciscomodel:jabberscope:lteversion:12.9.0

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.5.4

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.6.5

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.9.6

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.5.0

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.9.5

Trust: 1.0

vendor:シスコシステムズmodel:cisco jabberscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco jabberscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006417 // NVD: CVE-2021-1418

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1418
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1418
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-1418
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202103-1404
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374472
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1418
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1418
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374472
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1418
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1418
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-1418
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374472 // VULMON: CVE-2021-1418 // JVNDB: JVNDB-2021-006417 // CNNVD: CNNVD-202103-1404 // NVD: CVE-2021-1418 // NVD: CVE-2021-1418

PROBLEMTYPE DATA

problemtype:CWE-170

Trust: 1.1

problemtype:Inappropriate NULL End by (CWE-170) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374472 // JVNDB: JVNDB-2021-006417 // NVD: CVE-2021-1418

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1404

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-1404

PATCH

title:cisco-sa-cisco-jabber-PWrTATTCurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC

Trust: 0.8

title:Cisco Jabber for Windows Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145706

Trust: 0.6

title:Cisco: Cisco Jabber Desktop and Mobile Client Software Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cisco-jabber-PWrTATTC

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/cisco-addresses-critical-bug-in-windows-macos-jabber-clients/

Trust: 0.1

sources: VULMON: CVE-2021-1418 // JVNDB: JVNDB-2021-006417 // CNNVD: CNNVD-202103-1404

EXTERNAL IDS

db:NVDid:CVE-2021-1418

Trust: 3.4

db:JVNDBid:JVNDB-2021-006417

Trust: 0.8

db:AUSCERTid:ESB-2021.1010

Trust: 0.6

db:CNNVDid:CNNVD-202103-1404

Trust: 0.6

db:VULHUBid:VHN-374472

Trust: 0.1

db:VULMONid:CVE-2021-1418

Trust: 0.1

sources: VULHUB: VHN-374472 // VULMON: CVE-2021-1418 // JVNDB: JVNDB-2021-006417 // CNNVD: CNNVD-202103-1404 // NVD: CVE-2021-1418

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cisco-jabber-pwrtattc

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1418

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.1010

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/170.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198682

Trust: 0.1

sources: VULHUB: VHN-374472 // VULMON: CVE-2021-1418 // JVNDB: JVNDB-2021-006417 // CNNVD: CNNVD-202103-1404 // NVD: CVE-2021-1418

SOURCES

db:VULHUBid:VHN-374472
db:VULMONid:CVE-2021-1418
db:JVNDBid:JVNDB-2021-006417
db:CNNVDid:CNNVD-202103-1404
db:NVDid:CVE-2021-1418

LAST UPDATE DATE

2024-11-23T21:50:56.965000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374472date:2021-03-29T00:00:00
db:VULMONid:CVE-2021-1418date:2021-03-29T00:00:00
db:JVNDBid:JVNDB-2021-006417date:2022-01-06T06:48:00
db:CNNVDid:CNNVD-202103-1404date:2021-03-30T00:00:00
db:NVDid:CVE-2021-1418date:2024-11-21T05:44:19.057

SOURCES RELEASE DATE

db:VULHUBid:VHN-374472date:2021-03-24T00:00:00
db:VULMONid:CVE-2021-1418date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-006417date:2022-01-06T00:00:00
db:CNNVDid:CNNVD-202103-1404date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1418date:2021-03-24T21:15:13.367