{"api_version":"1","generated_at":"2026-04-23T08:14:48+00:00","cve":"CVE-2022-20917","urls":{"html":"https://cve.report/CVE-2022-20917","api":"https://cve.report/api/cve/CVE-2022-20917.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-20917","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-20917"},"summary":{"title":"CVE-2022-20917","description":"A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application.\r\n This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2023-09-15 03:15:00","updated_at":"2024-01-25 17:15:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-xmpp-Ne9SCM","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-xmpp-Ne9SCM","refsource":"MISC","tags":[],"title":"Cisco Jabber Client Software Extensible Messaging and Presence Protocol Stanza Smuggling Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-20917","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-20917","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"20917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"jabber","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"20917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"jabber","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"iphone_os","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"20917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"jabber","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"macos","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"20917","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"jabber","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-20917","qid":"317244","title":"Cisco Jabber Client Software Extensible Messaging and Presence Protocol Stanza Smuggling Vulnerability (cisco-sa-jabber-xmpp-Ne9SCM)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-20917","ASSIGNER":"psirt@cisco.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application.\r\n This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Cisco","product":{"product_data":[{"product_name":"Cisco Jabber","version":{"version_data":[{"version_affected":"=","version_value":"10.5(0)"},{"version_affected":"=","version_value":"10.5(1)"},{"version_affected":"=","version_value":"10.5(2)"},{"version_affected":"=","version_value":"10.5(3)"},{"version_affected":"=","version_value":"10.5(4)"},{"version_affected":"=","version_value":"10.5(5)"},{"version_affected":"=","version_value":"10.5(6)"},{"version_affected":"=","version_value":"10.6(0)"},{"version_affected":"=","version_value":"10.6(1)"},{"version_affected":"=","version_value":"10.6(2)"},{"version_affected":"=","version_value":"10.6(3)"},{"version_affected":"=","version_value":"10.6(4)"},{"version_affected":"=","version_value":"10.6(5)"},{"version_affected":"=","version_value":"10.6(6)"},{"version_affected":"=","version_value":"10.6(7)"},{"version_affected":"=","version_value":"10.6(10)"},{"version_affected":"=","version_value":"10.6(11)"},{"version_affected":"=","version_value":"10.6(12)"},{"version_affected":"=","version_value":"10.6(8)"},{"version_affected":"=","version_value":"10.6(9)"},{"version_affected":"=","version_value":"11.0(0)"},{"version_affected":"=","version_value":"11.0(1)"},{"version_affected":"=","version_value":"11.0(2)"},{"version_affected":"=","version_value":"11.1(0)"},{"version_affected":"=","version_value":"11.1(1)"},{"version_affected":"=","version_value":"11.1(2)"},{"version_affected":"=","version_value":"11.1(3)"},{"version_affected":"=","version_value":"11.1(4)"},{"version_affected":"=","version_value":"11.5(0)"},{"version_affected":"=","version_value":"11.5(1)"},{"version_affected":"=","version_value":"11.5(2)"},{"version_affected":"=","version_value":"11.5(3)"},{"version_affected":"=","version_value":"11.5(4)"},{"version_affected":"=","version_value":"11.5(5)"},{"version_affected":"=","version_value":"11.5(6)"},{"version_affected":"=","version_value":"11.6(0)"},{"version_affected":"=","version_value":"11.6(1)"},{"version_affected":"=","version_value":"11.6(2)"},{"version_affected":"=","version_value":"11.6(3)"},{"version_affected":"=","version_value":"11.6(4)"},{"version_affected":"=","version_value":"11.7(0)"},{"version_affected":"=","version_value":"11.7(1)"},{"version_affected":"=","version_value":"11.7(2)"},{"version_affected":"=","version_value":"11.8(0)"},{"version_affected":"=","version_value":"11.8(1)"},{"version_affected":"=","version_value":"11.8(2)"},{"version_affected":"=","version_value":"11.8(3)"},{"version_affected":"=","version_value":"11.8(4)"},{"version_affected":"=","version_value":"11.8(5)"},{"version_affected":"=","version_value":"11.9(0)"},{"version_affected":"=","version_value":"11.9(1)"},{"version_affected":"=","version_value":"11.9(2)"},{"version_affected":"=","version_value":"11.9(3)"},{"version_affected":"=","version_value":"12.0(0)"},{"version_affected":"=","version_value":"12.0(1)"},{"version_affected":"=","version_value":"12.1(0)"},{"version_affected":"=","version_value":"12.1(1)"},{"version_affected":"=","version_value":"12.1(2)"},{"version_affected":"=","version_value":"12.1(3)"},{"version_affected":"=","version_value":"12.1(4)"},{"version_affected":"=","version_value":"12.1(5)"},{"version_affected":"=","version_value":"12.5(0)"},{"version_affected":"=","version_value":"12.5(1)"},{"version_affected":"=","version_value":"12.5(2)"},{"version_affected":"=","version_value":"12.5(3)"},{"version_affected":"=","version_value":"12.5(4)"},{"version_affected":"=","version_value":"12.6(0)"},{"version_affected":"=","version_value":"12.6(1)"},{"version_affected":"=","version_value":"12.6(2)"},{"version_affected":"=","version_value":"12.6(3)"},{"version_affected":"=","version_value":"12.6(4)"},{"version_affected":"=","version_value":"12.6(5)"},{"version_affected":"=","version_value":"12.7(0)"},{"version_affected":"=","version_value":"12.7(1)"},{"version_affected":"=","version_value":"12.7(2)"},{"version_affected":"=","version_value":"12.7(3)"},{"version_affected":"=","version_value":"12.7(4)"},{"version_affected":"=","version_value":"12.7(5)"},{"version_affected":"=","version_value":"12.8(0)"},{"version_affected":"=","version_value":"12.8(1)"},{"version_affected":"=","version_value":"12.8(2)"},{"version_affected":"=","version_value":"12.8(3)"},{"version_affected":"=","version_value":"12.8(4)"},{"version_affected":"=","version_value":"12.8(5)"},{"version_affected":"=","version_value":"12.8(6)"},{"version_affected":"=","version_value":"12.8(7)"},{"version_affected":"=","version_value":"12.9(0)"},{"version_affected":"=","version_value":"12.9(1)"},{"version_affected":"=","version_value":"12.9(2)"},{"version_affected":"=","version_value":"12.9(3)"},{"version_affected":"=","version_value":"12.9(4)"},{"version_affected":"=","version_value":"12.9(5)"},{"version_affected":"=","version_value":"12.9(6)"},{"version_affected":"=","version_value":"8.6(1)"},{"version_affected":"=","version_value":"8.6(2)"},{"version_affected":"=","version_value":"8.6(3)"},{"version_affected":"=","version_value":"8.6(4)"},{"version_affected":"=","version_value":"8.6(5)"},{"version_affected":"=","version_value":"8.6(6)"},{"version_affected":"=","version_value":"8.6(7)"},{"version_affected":"=","version_value":"9.0(1)"},{"version_affected":"=","version_value":"9.0(2)"},{"version_affected":"=","version_value":"9.0(3)"},{"version_affected":"=","version_value":"9.0(4)"},{"version_affected":"=","version_value":"9.0(5)"},{"version_affected":"=","version_value":"9.1(0)"},{"version_affected":"=","version_value":"9.1(1)"},{"version_affected":"=","version_value":"9.1(2)"},{"version_affected":"=","version_value":"9.1(3)"},{"version_affected":"=","version_value":"9.1(4)"},{"version_affected":"=","version_value":"9.1(5)"},{"version_affected":"=","version_value":"9.2(0)"},{"version_affected":"=","version_value":"9.2(1)"},{"version_affected":"=","version_value":"9.2(2)"},{"version_affected":"=","version_value":"9.2(3)"},{"version_affected":"=","version_value":"9.2(4)"},{"version_affected":"=","version_value":"9.2(5)"},{"version_affected":"=","version_value":"9.2(6)"},{"version_affected":"=","version_value":"9.2(7)"},{"version_affected":"=","version_value":"9.3(1)"},{"version_affected":"=","version_value":"9.3(2)"},{"version_affected":"=","version_value":"9.5(0)"},{"version_affected":"=","version_value":"9.6(0)"},{"version_affected":"=","version_value":"9.6(1)"},{"version_affected":"=","version_value":"9.6(2)"},{"version_affected":"=","version_value":"9.6(3)"},{"version_affected":"=","version_value":"9.6(4)"},{"version_affected":"=","version_value":"9.7(0)"},{"version_affected":"=","version_value":"9.7(1)"},{"version_affected":"=","version_value":"9.7(2)"},{"version_affected":"=","version_value":"9.7(3)"},{"version_affected":"=","version_value":"9.7(4)"},{"version_affected":"=","version_value":"9.7(5)"},{"version_affected":"=","version_value":"9.7(6)"},{"version_affected":"=","version_value":"9.7(7)"},{"version_affected":"=","version_value":"Jabber For Windows"},{"version_affected":"=","version_value":"14.0(0)"},{"version_affected":"=","version_value":"14.0(1)"},{"version_affected":"=","version_value":"14.0(2)"},{"version_affected":"=","version_value":"14.0(3)"},{"version_affected":"=","version_value":"14.0(4)"},{"version_affected":"=","version_value":"11.2(0)"},{"version_affected":"=","version_value":"11.2(1)"},{"version_affected":"=","version_value":"14.1(0)"},{"version_affected":"=","version_value":"14.1(1)"},{"version_affected":"=","version_value":"14.1(2)"}]}}]}}]}},"references":{"reference_data":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-xmpp-Ne9SCM","refsource":"MISC","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-xmpp-Ne9SCM"}]},"source":{"advisory":"cisco-sa-jabber-xmpp-Ne9SCM","discovery":"EXTERNAL","defects":["CSCwc24382"]},"exploit":[{"lang":"en","value":"The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}],"impact":{"cvss":[{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}]}},"nvd":{"publishedDate":"2023-09-15 03:15:00","lastModifiedDate":"2024-01-25 17:15:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"14.1.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:android:*:*","versionEndExcluding":"14.1.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:macos:*:*","versionEndExcluding":"12.8.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:macos:*:*","versionStartIncluding":"12.9","versionEndExcluding":"12.9.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:macos:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.0.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:macos:*:*","versionStartIncluding":"14.1","versionEndExcluding":"14.1.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*","versionStartIncluding":"14.1","versionEndExcluding":"14.1.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.0.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*","versionStartIncluding":"12.9","versionEndExcluding":"12.9.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*","versionStartIncluding":"12.8","versionEndExcluding":"12.8.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*","versionStartIncluding":"12.7","versionEndExcluding":"12.7.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*","versionEndExcluding":"12.6.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"20917","Ordinal":"220140","Title":"CVE-2022-20917","CVE":"CVE-2022-20917","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"20917","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}