Rob Vinson

Name of the Vulnerable Software and Affected Versions: IGEL OS versions prior to 11.04.270 Description: A command injection issue exists due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges. Recommendations: For IGEL OS versions prior to 11.04.270, update to version 11.04.270 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP ports 30022 and 5900 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco Jabber for Windows (affected versions not specified) Cisco Jabber for Mac (affected versions not specified) Cisco Jabber for mobile platforms (affected versions not specified) **Description** The issue is related to errors in resource management in the Cisco Jabber software platform. An attacker could exploit this to cause a denial of service (DoS) condition by sending a specially crafted XMPP message. This could allow an attacker to access sensitive information or disrupt service. **Recommendations** For Cisco Jabber for Windows, consider restricting access to the XMPP protocol until a fix is available. For Cisco Jabber for Mac, avoid using the software for sensitive operations until the issue is resolved. For Cisco Jabber for mobile platforms, as a temporary workaround, consider disabling the XMPP messaging functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.