PT-2020-3855 · Cisco · Cisco Jabber For Windows

Published

2020-09-03

Updated

2021-10-19

CVE-2020-3537

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Cisco Jabber for Windows (affected versions not specified)

Description: The issue is related to improper validation of message contents, which could allow an authenticated, remote attacker to gain access to sensitive information. An attacker could exploit this by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. This could allow the attacker to cause the application to access a remote system, possibly gaining access to sensitive information for use in additional attacks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2020-04217

CVE-2020-3537

Affected Products

Cisco Jabber For Windows

PT-2020-3855 · Cisco · Cisco Jabber For Windows

CVE-2020-3537

Weakness Enumeration

Related Identifiers

Affected Products

References · 4