CVE-2021-1417

Name of the Vulnerable Software and Affected Versions Cisco Jabber for Windows (affected versions not specified) Cisco Jabber for MacOS (affected versions not specified) Cisco Jabber for mobile platforms (affected versions not specified)

Description The issue is related to insufficient input validation in the Cisco Jabber platform, which could allow a remote attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. This can be achieved by sending a specially crafted XMPP message.

Recommendations For Cisco Jabber for Windows, consider restricting access to sensitive information and network traffic until a fix is available. For Cisco Jabber for MacOS, avoid using the platform for sensitive operations until the issue is resolved. For Cisco Jabber for mobile platforms, restrict the use of the platform to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.