First published: Fri Sep 04 2020
A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks.
Credit: ykramarz@cisco.com
Affected Software | Affected Version |
---|---|
Cisco Jabber | >=12.1, <12.1.3 |
Cisco Jabber | >=12.5, <12.5.2 |
Cisco Jabber | >=12.6, <12.6.3 |
Cisco Jabber | >=12.7, <12.7.2 |
Cisco Jabber | >=12.8, <12.8.3 |
Cisco Jabber | >=12.9, <12.9.1 |
CVE-2020-3498 is a vulnerability in Cisco Jabber software that could allow an authenticated, remote attacker to gain access to sensitive information.
CVE-2020-3498 is caused by improper validation of message contents in Cisco Jabber software. An attacker can exploit this vulnerability by sending specially crafted messages.
Cisco Jabber versions 12.1 through 12.9 are affected by CVE-2020-3498, in the version ranges listed in the table above.
CVE-2020-3498 has a severity score of 6.5 (medium).
To fix CVE-2020-3498, update Cisco Jabber to a version that falls outside the affected ranges listed above.