On 24th March, Cisco released another software update that addresses several vulnerabilities affecting its Jabber messaging application for Windows, macOS, iOS, and Android.
These flaws could allow an attacker to execute arbitrary code on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial-of-service (DoS) condition.
The update covers five vulnerabilities: three are tracked as CVE-2021-1411, CVE-2021-1417, and CVE-2021-1418, and the other two as CVE-2021-1469 and CVE-2021-1471. These were identified during security testing.
The organization also notes that these flaws are not dependent on each other: exploiting one is not required to exploit another. To exploit them, however, an attacker needs to authenticate to an Extensible Messaging and Presence Protocol (XMPP) server and be able to send XMPP messages.
What Vulnerabilities Were Found?
CVE-2021-1411 is particularly severe because it allows execution of arbitrary programs on Windows, and it has a CVSS score of 9.9 out of 10. Cisco states that it is caused by improper validation of message content: an attacker could exploit it by sending specially crafted XMPP messages to the client, which would then execute arbitrary code with the privileges of the user account running the client on the affected system.

Apart from this, the other vulnerabilities fixed in this update are listed below:
- CVE-2021-1417: (Windows) This vulnerability is caused by a failure in message content validation that may leak sensitive user information and provide leads for future attacks.
- CVE-2021-1469: (Windows) This is caused by improper validation of message content that may lead to the execution of arbitrary code.
- CVE-2021-1471: (Windows, macOS, Android, iOS) This is a certificate validation vulnerability that may allow an attacker to manipulate and intercept network requests, or even modify the connection between the Jabber client and the server.
- CVE-2021-1418: (Windows, macOS, Android, iOS) This issue is caused by another improper validation of message content that may be exploited by sending specially crafted XMPP messages to create a DoS condition.
Summing Up
This is not the first time Cisco has been made aware of these vulnerabilities. In September 2020, a security firm named Watchcom also identified these flaws. The organization fixed four flaws, but three or four were not sufficiently mitigated in September.
To further strengthen security and privacy, the organization also released more than 37 advisories that describe these security updates in detail, including a list of updates that fix high-severity security issues in Cisco products.