Systems Engineering is aware of multiple vulnerabilities within Cisco Jabber Client software. These vulnerabilities affect Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for Mobile platforms. Vulnerabilities include:
Cisco Jabber Platform | Associated CVE IDs |
---|---|
Windows | CVE-2021-1411, CVE-2021-1417, CVE-2021-1418, CVE-2021-1469, and CVE-2021-1471 |
MacOS | CVE-2021-1418 and CVE-2021-1471 |
Android and iOS | CVE-2021-1418 and CVE-2021-1471 |
Webex Teams Messaging Mode clients and Phone-only Mode Jabber Clients are not affected. Vulnerabilities are against the XMPP server, which is used for Jabber messaging.
According to Cisco, the vulnerabilities could allow an attacker to execute arbitrary programs on the underlying operating system, access sensitive information, intercept protected network traffic, or cause a denial of service condition. Exploitation does require an attacker to authenticate and be able to send Jabber Messages. These vulnerabilities are not dependent on one another to be exploited.
More details and vulnerability specifics can be found on Cisco's website.
Course of Action
Systems Engineering recommends customers upgrade their Jabber Client as soon as possible. There are no workarounds to address the listed vulnerabilities. You can download fixed versions of the Jabber Client from Cisco’s website with a Cisco account and valid service contract.
If you are a current Systems Engineering client and need assistance with applying the security update to your Jabber Client, reach out to Customer Service at 207.772.4199 to schedule an engineering engagement.