Attackers Can Exploit Critical Cisco Jabber Flaw With One Message

From threatpost.com

cisco jabber security flaw

An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495.

Researchers are warning of a critical remote code-execution (RCE) flaw in the Windows version of Cisco Jabber, the networking company’s video-conferencing and instant-messaging application. Attackers can exploit the flaw merely by sending targets specially crafted messages – no user interaction required.

The flaw (CVE-2020-3495) has a CVSS score of 9.9 out of 10, making it critical in severity, Cisco said in a Wednesday advisory. Researchers with Watchcom, who discovered the flaw, said that with remote workforces surging during the coronavirus pandemic, the implications of the vulnerability are especially serious.

Read more…