Showing topic results for "CVE-2020-3495":

Attacker Value
High

CVE-2020-3495

Disclosure Date: September 04, 2020 (last updated September 10, 2020)
Cisco Jabber is vulnerable to Cross Site Scripting (XSS) through XHTML-IM messages. The application does not properly sanitize incoming HTML messages and instead passes them through a flawed XSS filter.
Attacker Value
Very High

CVE-2020-3430

Disclosure Date: September 04, 2020 (last updated September 10, 2020)
Upon installation, Cisco Jabber registers protocol handlers for a number of different protocols. These tell the operating system that whenever a user clicks on a URL containing one of the custom protocols (e.g. ciscoim:test@example.com), the URL should be passed to Cisco Jabber. In this case, the protocol handlers specify that the URL should be passed as a command line flag. These protocol handlers are vulnerable to command injection because they fail to consider URLs that contain spaces. By including a space in the URL, an attacker can inject arbitrary command line flags that will be passed to the application. Since the application uses CEF and accepts Chromium command line flags, there are several flags that can be used to execute arbitrary commands or load arbitrary DLLs. An example of such a flag is --GPU-launcher, which specifies a command that will be executed when CEF's GPU process is started. This vulnerability can be combined with the XSS vulnerability to achieve code execution without transferring any files to the victim. This makes it possible to deliver malware without writing any files to disk, thus bypassing most antivirus software.
Attack Vector: Network; Privileges: None; User Interaction: Required