{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-016.pdf"
    },
    "title": "Critical Vulnerabilities in Cisco Products",
    "serial_number": "2021-016",
    "publish_date": "25-03-2021 10:43:00",
    "description": "On 24th of March 2021, Cisco released several security updates to address several security vulnerabilities. The list includes a critical one, affecting Cisco Jabber Desktop and Mobile Client Software: CVE-2021-1411 with a CVSS score of 9.9 out of 10.<br>Vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition.",
    "url_title": "2021-016",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in\u00a0Cisco\u00a0Products'\nversion: '1.0'\nnumber: '2021-016'\ndate: 'March 25, 2021'\n---\n\n# Summary\n\nOn 24th of March 2021, Cisco released several security updates to address several security vulnerabilities [1]. The list includes a critical one, affecting Cisco Jabber Desktop and Mobile Client Software: CVE-2021-1411 with a CVSS score of 9.9 out of 10 [2].\n\nVulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition [2].\n\n# Technical Details\n\n## Critical Vulnerability\n\n**CVE-2021-1411** _(CVSS 9.9)_: Cisco Jabber Arbitrary Program Execution Vulnerability\n\nThe vulnerability can be only exploited by attackers that are authenticated to an XMPP server used by the vulnerable software which is used to send specially-crafted XMPP messages to a vulnerable device. The flaw could be exploited without user interaction by an authenticated, remote attacker to execute arbitrary code on Windows, macOS, Android, or iOS devices running unpatched Jabber client software.\n\n## Other Related Vulnerabilities\n\n**CVE-2021-1469** _(CVSS 7.2)_: Arbitrary Program Execution Vulnerability\n\n**CVE-2021-1417** _(CVSS 6.5)_: Information Disclosure Vulnerability\n\n**CVE-2021-1471** _(CVSS 5.6)_: Certificate Validation Vulnerability\n\n**CVE-2021-1418** _(CVSS 4.3)_: Denial of Service Vulnerability\n\nThe Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of these vulnerabilities.\n\n# Products Affected\n\nThese vulnerabilities affect Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms [2].\n\n|Cisco Jabber Platform|Associated CVE IDs|\n|---------------------|:---------------------------------------------------------------:|\n|Windows |\tCVE-2021-1411, CVE-2021-1417, CVE-2021-1418, CVE-2021-1469, and CVE-2021-1471|\n|MacOS |\tCVE-2021-1418 and CVE-2021-1471|\n|Android and iOS |\tCVE-2021-1418 and CVE-2021-1471|\n\n# Recommendations\n\nCisco has released software updates that address these critical vulnerabilities [1, 2].\n\nThere are no workarounds that address these vulnerabilities.\n\nCERT-EU recommends updating the vulnerable application as soon as possible.\n\n\n# References\n\n[1] <https://tools.cisco.com/security/center/publicationListing.x>\n\n[2] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC>\n",
    "content_html": "<h2 id=\"summary\">Summary</h2><p>On 24th of March 2021, Cisco released several security updates to address several security vulnerabilities [1]. The list includes a critical one, affecting Cisco Jabber Desktop and Mobile Client Software: CVE-2021-1411 with a CVSS score of 9.9 out of 10 [2].</p><p>Vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition [2].</p><h2 id=\"technical-details\">Technical Details</h2><h3 id=\"critical-vulnerability\">Critical Vulnerability</h3><p><strong>CVE-2021-1411</strong> <em>(CVSS 9.9)</em>: Cisco Jabber Arbitrary Program Execution Vulnerability</p><p>The vulnerability can be only exploited by attackers that are authenticated to an XMPP server used by the vulnerable software which is used to send specially-crafted XMPP messages to a vulnerable device. The flaw could be exploited without user interaction by an authenticated, remote attacker to execute arbitrary code on Windows, macOS, Android, or iOS devices running unpatched Jabber client software.</p><h3 id=\"other-related-vulnerabilities\">Other Related Vulnerabilities</h3><p><strong>CVE-2021-1469</strong> <em>(CVSS 7.2)</em>: Arbitrary Program Execution Vulnerability</p><p><strong>CVE-2021-1417</strong> <em>(CVSS 6.5)</em>: Information Disclosure Vulnerability</p><p><strong>CVE-2021-1471</strong> <em>(CVSS 5.6)</em>: Certificate Validation Vulnerability</p><p><strong>CVE-2021-1418</strong> <em>(CVSS 4.3)</em>: Denial of Service Vulnerability</p><p>The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of these vulnerabilities.</p><h2 id=\"products-affected\">Products Affected</h2><p>These vulnerabilities affect Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms [2].</p><table><thead><tr><th>Cisco Jabber Platform</th><th style=\"text-align:center;\">Associated CVE IDs</th></tr></thead><tbody><tr><td>Windows</td><td style=\"text-align:center;\">CVE-2021-1411, CVE-2021-1417, CVE-2021-1418, CVE-2021-1469, and CVE-2021-1471</td></tr><tr><td>MacOS</td><td style=\"text-align:center;\">CVE-2021-1418 and CVE-2021-1471</td></tr><tr><td>Android and iOS</td><td style=\"text-align:center;\">CVE-2021-1418 and CVE-2021-1471</td></tr></tbody></table><h2 id=\"recommendations\">Recommendations</h2><p>Cisco has released software updates that address these critical vulnerabilities [1, 2].</p><p>There are no workarounds that address these vulnerabilities.</p><p>CERT-EU recommends updating the vulnerable application as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/publicationListing.x\">https://tools.cisco.com/security/center/publicationListing.x</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}