CVE-2021-1411

Name of the Vulnerable Software and Affected Versions Cisco Jabber for Windows (affected versions not specified) Cisco Jabber for MacOS (affected versions not specified) Cisco Jabber for mobile platforms (affected versions not specified)

Description The issue allows an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. The vulnerability is related to insufficient input validation in Cisco Jabber for Windows, which can be exploited by a remote attacker sending a specially crafted XMPP message to execute arbitrary code.

Recommendations For Cisco Jabber for Windows, consider disabling the XMPP messaging functionality until a patch is available. For Cisco Jabber for MacOS and Cisco Jabber for mobile platforms, at the moment, there is no information about a newer version that contains a fix for this vulnerability.