QID 316897
Date Published: 2021-03-26
QID 316897: Cisco Jabber Desktop for Windows and MAC OS Multiple Vulnerabilities(cisco-sa-cisco-jabber-PWrTATTC)
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS
could allow an attacker to execute arbitrary programs on the underlying operating system
with elevated privileges, access sensitive information, intercept protected network traffic,
or cause a denial of service (DoS) condition.
Affected Products
Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms.
The following indicates which platforms are affected by each Cisco CVE ID :
Cisco Jabber Platform Associated CVE IDs
Windows CVE-2021-1411, CVE-2021-1417, CVE-2021-1418, CVE-2021-1469, and CVE-2021-1471
MacOS CVE-2021-1418 and CVE-2021-1471
NOTE: Cisco has confirmed that these vulnerabilities, with the exception of CVE-2021-1471, do not affect Cisco Jabber client software that is configured for either of the following modes: Phone-only mode or Team Messaging Mode.
QID Detection Logic (Authenticated):
This checks for vulnerable version of AnyConnect Mobility Client.
A successful exploit could allow the attacker to inspect or modify connections between
the Cisco Jabber client and a server or execute arbitrary programs on the targeted system
with the privileges of the user account that is running the Cisco Jabber client software,
which could result in arbitrary code execution, or
cause the application to terminate, resulting in a DoS condition.
Customers are advised to refer to cisco-sa-cisco-jabber-PWrTATTC for more information.
- cisco-sa-cisco-jabber-PWrTATTC -
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC
CVEs related to QID 316897
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-cisco-jabber-PWrTATTC |
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC |