First published: Thu Sep 05 2019(Updated: )
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Jabber | <12.6\(1\) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-12645.
The severity of CVE-2019-12645 is high, with a CVSS score of 7.8.
The affected software is Cisco Jabber for Mac client version up to and including 12.6(1).
An authenticated, local attacker can exploit this vulnerability to execute arbitrary code on an affected device.
Yes, Cisco has released a security advisory with details on how to mitigate this vulnerability.