Details of VAR-202103-0536

ID

VAR-202103-0536

CVE

CVE-2021-1417

TITLE

plural OS Run on Cisco Jabber Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004798

DESCRIPTION

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. plural OS Run on Cisco Jabber Contains an information disclosure vulnerability.Information may be obtained. Cisco Jabber is a set of unified communication client solutions of Cisco (Cisco). The program provides online status display, instant messaging, voice and other functions. The following products and versions are affected: Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could

Trust: 1.8

sources: NVD: CVE-2021-1417 // JVNDB: JVNDB-2021-004798 // VULHUB: VHN-374471 // VULMON: CVE-2021-1417

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber	scope:	gte	version:	12.7.0	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.9.0	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.1.5	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.7.4	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.8.5	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.8.0	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.6.0	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.5.4	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.6.5	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	gte	version:	12.5.0	Trust: 1.0
vendor:	cisco	model:	jabber	scope:	lt	version:	12.9.5	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco jabber	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco jabber	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004798 // NVD: CVE-2021-1417

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1417
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1417
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-1417
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202103-1452
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374471
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1417
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1417
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374471
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1417
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1417
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1417
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374471 // VULMON: CVE-2021-1417 // JVNDB: JVNDB-2021-004798 // CNNVD: CNNVD-202103-1452 // NVD: CVE-2021-1417 // NVD: CVE-2021-1417

PROBLEMTYPE DATA

problemtype:	CWE-170	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004798 // NVD: CVE-2021-1417

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1452

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202103-1452

PATCH

title:	cisco-sa-cisco-jabber-PWrTATTC	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC	Trust: 0.8
title:	Cisco Jabber Repair measures for information disclosure vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=145732	Trust: 0.6
title:	Cisco: Cisco Jabber Desktop and Mobile Client Software Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cisco-jabber-PWrTATTC	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/cisco-addresses-critical-bug-in-windows-macos-jabber-clients/	Trust: 0.1

sources: VULMON: CVE-2021-1417 // JVNDB: JVNDB-2021-004798 // CNNVD: CNNVD-202103-1452

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1417	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-004798	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-1452	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.1010	Trust: 0.6
db:	VULHUB	id:	VHN-374471	Trust: 0.1
db:	VULMON	id:	CVE-2021-1417	Trust: 0.1

sources: VULHUB: VHN-374471 // VULMON: CVE-2021-1417 // JVNDB: JVNDB-2021-004798 // CNNVD: CNNVD-202103-1452 // NVD: CVE-2021-1417

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cisco-jabber-pwrtattc	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1417	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.1010	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/198681	Trust: 0.1

sources: VULHUB: VHN-374471 // VULMON: CVE-2021-1417 // JVNDB: JVNDB-2021-004798 // CNNVD: CNNVD-202103-1452 // NVD: CVE-2021-1417

SOURCES

db:	VULHUB	id:	VHN-374471
db:	VULMON	id:	CVE-2021-1417
db:	JVNDB	id:	JVNDB-2021-004798
db:	CNNVD	id:	CNNVD-202103-1452
db:	NVD	id:	CVE-2021-1417

LAST UPDATE DATE

2024-11-23T21:50:56.993000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374471	date:	2022-10-29T00:00:00
db:	VULMON	id:	CVE-2021-1417	date:	2021-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-004798	date:	2021-11-30T06:13:00
db:	CNNVD	id:	CNNVD-202103-1452	date:	2022-10-31T00:00:00
db:	NVD	id:	CVE-2021-1417	date:	2024-11-21T05:44:18.937

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374471	date:	2021-03-24T00:00:00
db:	VULMON	id:	CVE-2021-1417	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004798	date:	2021-11-30T00:00:00
db:	CNNVD	id:	CNNVD-202103-1452	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2021-1417	date:	2021-03-24T21:15:13.287