Keeshia Leopoldo, InfoSec Team Lead, Cornerstone.IT
Who is affected?
Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile
Critical Cisco Jabber Bug Allows Authenticated, Remote Attacker to Hack Systems
Cisco has released an advisory for multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms that could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
Cisco Jabber Platform | Associated CVE IDs |
---|---|
Windows | CVE-2021-1411, CVE-2021-1417, CVE-2021-1418, CVE-2021-1469, and CVE-2021-1471 |
MacOS | CVE-2021-1418 and CVE-2021-1471 |
Android and iOS | CVE-2021-1418 and CVE-2021-1471 |
Customers are advised to upgrade to an appropriate fixed software release as indicated in the following tables:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC
Cisco Jabber for Windows Release | First Fixed Release |
---|---|
Earlier than 12.1 | Migrate to a fixed release. |
12.1 | 12.1.5 |
12.5 | 12.5.4 |
12.6 | 12.6.5 |
12.7 | 12.7.4 |
12.8 | 12.8.5 |
12.9 | 12.9.5 |
Cisco Jabber for MacOS Release | First Fixed Release |
---|---|
12.7 and earlier | Migrate to a fixed release. |
12.8 | 12.8.7 |
12.9 | 12.9.6 |
Cisco Jabber for Android and iOS Release | First Fixed Release |
---|---|
12.9 and earlier | Migrate to a fixed release. |
14.01 | Not vulnerable. |
Cisco Jabber | First Fixed Release |
---|---|
12.9 | 12.9.1 |
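
To turn the Windows and MacOS tables above into a patch-triage check, the following added example (not code from Cisco or Cornerstone.IT) classifies installed desktop versions against their train's first fixed release. Host names, inventory rows and function names are constructed for illustration; the mobile table and the final table are not encoded, so anything outside the two desktop tables is reported as unlisted.

```python
import re

# Train -> first fixed release, copied from the Windows and MacOS tables above.
FIXED = {
    "windows": {(12, 1): (12, 1, 5), (12, 5): (12, 5, 4), (12, 6): (12, 6, 5),
                (12, 7): (12, 7, 4), (12, 8): (12, 8, 5), (12, 9): (12, 9, 5)},
    "macos": {(12, 8): (12, 8, 7), (12, 9): (12, 9, 6)},
}

SAMPLE_INVENTORY = [  # constructed (host, platform, installed version) rows
    ("ws-001", "windows", "12.9.4"), ("ws-002", "windows", "12.8.5"),
    ("ws-003", "windows", "12.0.1"), ("ws-004", "windows", "14.0.0"),
    ("mac-001", "macos", "12.7.2"), ("mac-002", "macos", "12.9.6"),
]

def parse_version(text):
    """Return (major, minor, maintenance); extra build fields are ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def triage(platform, version):
    """Classify one install: 'fixed', 'upgrade to X', 'migrate' or 'unlisted'."""
    table = FIXED.get(platform.lower())
    if table is None:
        return "unlisted"  # platform not encoded here (e.g. mobile)
    parsed = parse_version(version)
    train = parsed[:2]
    if train in table:
        if parsed >= table[train]:
            return "fixed"
        return "upgrade to " + ".".join(map(str, table[train]))
    if train < min(table):
        return "migrate"  # older than the oldest train that received a fix
    return "unlisted"  # train not in the tables; check the advisory

def audit(inventory):
    """Return {host: verdict} for every host not confirmed as fixed."""
    verdicts = {host: triage(p, v) for host, p, v in inventory}
    return {h: r for h, r in verdicts.items() if r != "fixed"}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

An "unlisted" verdict means the page's tables do not cover that platform or train, so the Cisco advisory itself is the reference for those hosts.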