First published: Thu Nov 30 2017(Updated: )
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file folders. An attacker could exploit the vulnerability by fixing the random number data used to establish Secure Sockets Layer (SSL) connections between clients. An exploit could allow the attacker to decrypt secure communications made by the Cisco Jabber for Windows client. Cisco Bug IDs: CSCve44806.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Jabber | =11.8\(0\) | |
Cisco Jabber | =11.8\(1\) | |
Cisco Jabber | =11.8\(2\) | |
Cisco Jabber | =11.8\(3\) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco Jabber for Windows vulnerability is CVE-2017-12361.
CVE-2017-12361 has a severity level of medium.
An attacker can exploit CVE-2017-12361 to access sensitive communications made by the Jabber client and gain information for further attacks.
Versions 11.8(0), 11.8(1), 11.8(2), and 11.8(3) of Cisco Jabber for Windows are affected by CVE-2017-12361.
More information about CVE-2017-12361 can be found at the following references: http://www.securityfocus.com/bid/101994, http://www.securitytracker.com/id/1039915, https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber2