"Attackers Can Exploit Critical Cisco Jabber Flaw With One Message"

Researchers with Watchcom have discovered a critical remote code-execution (RCE) flaw in the Windows version of Cisco Jabber, a video-conferencing and instant messaging application. According to these researchers, the flaw could be exploited without the need for user interaction. Its abuse involves sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to vulnerable end-user systems running Cisco Jabber for Windows. The flaw has been given a CVSS score of 9.9 out of 10. As these types of applications have grown in use during the COVID-19 pandemic, they have become increasingly attractive targets for attackers seeking to gather sensitive information. This article continues to discuss the RCE flaw found in the Windows version of Cisco Jabber in relation to where it stems from and its potential exploitation by attackers, as well as other vulnerabilities discovered in Cisco Jabber. 

Threatpost reports "Attackers Can Exploit Critical Cisco Jabber Flaw With One Message"