Security Alert: Cisco Jabber Desktop and Mobile Client Software Vulnerabilities

March 31, 2021 | Posted in: Security Bulletins & Alerts

Systems Engineering is aware of multiple vulnerabilities within Cisco Jabber Client software. These vulnerabilities affect Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for Mobile platforms. Vulnerabilities include:

Cisco Jabber Platform | Associated CVE IDs
Windows | CVE-2021-1411, CVE-2021-1417, CVE-2021-1418, CVE-2021-1469, and CVE-2021-1471
MacOS | CVE-2021-1418 and CVE-2021-1471
Android and iOS | CVE-2021-1418 and CVE-2021-1471

Webex Teams Messaging Mode clients and Phone-only Mode Jabber Clients are not affected. Vulnerabilities are against the XMPP server, which is used for Jabber messaging. 

According to Cisco, the vulnerabilities could allow an attacker to execute arbitrary programs on the underlying operating system, access sensitive information, intercept protected network traffic, or cause a denial of service condition. Exploitation does require an attacker to authenticate and be able to send Jabber Messages. These vulnerabilities are not dependent on one another to be exploited.

More details and vulnerability specifics can be found on Cisco's website.

Course of Action

Systems Engineering recommends customers upgrade their Jabber Client as soon as possible. There are no workarounds to address the listed vulnerabilities. You can download fixed versions of the Jabber Client from Cisco’s website with a Cisco account and valid service contract.

If you are a current Systems Engineering client and need assistance with applying the security update to your Jabber Client, reach out to Customer Service at 207.772.4199 to schedule an engineering engagement.