Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3537

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a remote system, possibly allowing the attacker to gain access to sensitive information that the attacker could use in additional attacks.

Published

2020-09-04T03:15:10.730

Last Modified

2024-11-21T05:31:16.370

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	jabber	< 12.1.3	Yes
Application	cisco	jabber	< 12.5.2	Yes
Application	cisco	jabber	< 12.6.3	Yes
Application	cisco	jabber	< 12.7.2	Yes
Application	cisco	jabber	< 12.8.3	Yes
Application	cisco	jabber	< 12.9.1	Yes

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-G3NSjPn7 Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-G3NSjPn7 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)