Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems

On Wednesday, March 24th, Cisco released software updates for its messaging client, Jabber. The updates contained patches for multiple vulnerabilities that could allow an attacker to:

  • [Patched] CVE-2021-1469 (Windows) - Execute arbitrary programs on the underlying OS and gain elevated privileges
  • [Patched] CVE-2021-1417 (Windows) - Access sensitive information
  • [Patched] CVE-2021-1471 (Windows, macOS, Android, iOS) - Intercept protected network traffic
  • [Patched] CVE-2021-1418 (Windows, macOS, Android, iOS) - Cause a Denial of Service (DoS) condition

A few of these vulnerabilities were reported to Cisco via an external cybersecurity company, while some were found during internal testing. "Cisco notes that the flaws are not dependent on one another, and that exploitation of any one of the vulnerabilities doesn't hinge on the exploitation of another." [1] For these vulnerabilities to be exploited, an attacker must first find an Extensible Messaging and Presence Protocol (XMPP) server that is running a vulnerable version of Cisco Jabber and can send XMPP messages.

Currently, the most critical known vulnerability for Jabber is CVE-2021-1411, which concerns arbitrary program execution on the Windows version of Jabber. This vulnerability alone has received a Common Vulnerability Scoring System (CVSS) score of 9.9 / 10. "According to Cisco, the flaw is due to improper validation of message content, thus making it possible for an attacker to send specially-crafted XMPP messages to the vulnerable client and execute arbitrary code with the same privileges as that of the user account running the software." Please note that CVE-2021-1411 has been patched.

Sources: Cisco