CVE-2021-1471

Name of the Vulnerable Software and Affected Versions Cisco Jabber for Windows (affected versions not specified) Cisco Jabber for MacOS (affected versions not specified) Cisco Jabber for mobile platforms (affected versions not specified)

Description The issue is related to insufficient certificate validation in Cisco Jabber, which could allow a remote attacker to intercept network requests from the vulnerable software and provide a maliciously crafted certificate. Multiple vulnerabilities in Cisco Jabber could also allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition.

Recommendations For Cisco Jabber for Windows, consider disabling the certificate validation function until a patch is available. For Cisco Jabber for MacOS, restrict access to sensitive information to minimize the risk of exploitation. For Cisco Jabber for mobile platforms, avoid using the software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.