Sign-up

ID

VAR-202103-0767


CVE

CVE-2021-1471


TITLE

Cisco Jabber  Vulnerability in Certificate Verification

Trust: 0.8

sources: JVNDB: JVNDB-2021-004754

DESCRIPTION

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Jabber Contains a certificate validation vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco Jabber is a set of unified communication client solutions of Cisco (Cisco). The program provides online status display, instant messaging, voice and other functions. The following products and versions are affected: Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could

Trust: 1.8

sources: NVD: CVE-2021-1471 // JVNDB: JVNDB-2021-004754 // VULHUB: VHN-374525 // VULMON: CVE-2021-1471

AFFECTED PRODUCTS

vendor:ciscomodel:jabberscope:gteversion:12.7.0

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.9.0

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.1.5

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.7.4

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.8.5

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.8.0

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.6.0

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.8.7

Trust: 1.0

vendor:ciscomodel:jabberscope:lteversion:12.9.0

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.5.4

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.6.5

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.9.6

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.5.0

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.9.5

Trust: 1.0

vendor:シスコシステムズmodel:cisco jabberscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004754 // NVD: CVE-2021-1471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1471
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1471
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-1471
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202103-1405
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374525
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1471
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1471
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374525
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1471
baseSeverity: MEDIUM
baseScore: 5.6
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 3.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1471
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-1471
baseSeverity: MEDIUM
baseScore: 5.6
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374525 // VULMON: CVE-2021-1471 // JVNDB: JVNDB-2021-004754 // CNNVD: CNNVD-202103-1405 // NVD: CVE-2021-1471 // NVD: CVE-2021-1471

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:CWE-170

Trust: 1.0

problemtype:Bad certificate verification (CWE-295) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374525 // JVNDB: JVNDB-2021-004754 // NVD: CVE-2021-1471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1405

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-1405

PATCH

title:cisco-sa-cisco-jabber-PWrTATTCurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC

Trust: 0.8

title:Cisco Jabber Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145707

Trust: 0.6

title:Cisco: Cisco Jabber Desktop and Mobile Client Software Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cisco-jabber-PWrTATTC

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/cisco-addresses-critical-bug-in-windows-macos-jabber-clients/

Trust: 0.1

sources: VULMON: CVE-2021-1471 // JVNDB: JVNDB-2021-004754 // CNNVD: CNNVD-202103-1405

EXTERNAL IDS

db:NVDid:CVE-2021-1471

Trust: 2.6

db:JVNDBid:JVNDB-2021-004754

Trust: 0.8

db:AUSCERTid:ESB-2021.1010

Trust: 0.6

db:CNNVDid:CNNVD-202103-1405

Trust: 0.6

db:CNVDid:CNVD-2021-24465

Trust: 0.1

db:VULHUBid:VHN-374525

Trust: 0.1

db:VULMONid:CVE-2021-1471

Trust: 0.1

sources: VULHUB: VHN-374525 // VULMON: CVE-2021-1471 // JVNDB: JVNDB-2021-004754 // CNNVD: CNNVD-202103-1405 // NVD: CVE-2021-1471

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cisco-jabber-pwrtattc

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1471

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.1010

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/295.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198684

Trust: 0.1

sources: VULHUB: VHN-374525 // VULMON: CVE-2021-1471 // JVNDB: JVNDB-2021-004754 // CNNVD: CNNVD-202103-1405 // NVD: CVE-2021-1471

SOURCES

db:VULHUBid:VHN-374525
db:VULMONid:CVE-2021-1471
db:JVNDBid:JVNDB-2021-004754
db:CNNVDid:CNNVD-202103-1405
db:NVDid:CVE-2021-1471

LAST UPDATE DATE

2024-11-23T21:50:57.078000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374525date:2021-03-29T00:00:00
db:VULMONid:CVE-2021-1471date:2021-03-29T00:00:00
db:JVNDBid:JVNDB-2021-004754date:2021-11-29T09:16:00
db:CNNVDid:CNNVD-202103-1405date:2021-03-30T00:00:00
db:NVDid:CVE-2021-1471date:2024-11-21T05:44:25.900

SOURCES RELEASE DATE

db:VULHUBid:VHN-374525date:2021-03-24T00:00:00
db:VULMONid:CVE-2021-1471date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-004754date:2021-11-29T00:00:00
db:CNNVDid:CNNVD-202103-1405date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1471date:2021-03-24T20:15:15.977