- Cisco Jabber 11.9
- What Is Cisco Jabber
- Cisco Jabber 11.9 Free
- Cisco Jabber 11.9 User Guide
- Cisco Jabber 11.9.3
- Cisco Jabber 11.9 Download Windows 10
Current Description
Symptom: Jabber SSO cookie refresh will fail do to the SAML request to SSO IDP being to large. The cause of this issue is SAML session cookies being incremented. Each time Jabber authenticates to the IdP, the IdP returns a successful SamlResponse to the client and provides a SamlSession Cookie to be saved by browser. Jabber 11.9 with Contacts and Without Chat and Presence Hello, we have cucm 11.5 and Jabber 11.9 and we want that som users will use Jabber for CTI without Chat and Presence with Contact Button on Client. Quick Start Guide for Cisco Jabber for Windows 11.9 Created Date: 8/7/2017 12:25:20 PM.
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.
Analysis Description
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.
Severity
CVSS 3.x Severity and Metrics:Cisco Jabber 11.9
Weakness Enumeration
What Is Cisco Jabber
CWE-ID | CWE Name | Source |
---|---|---|
CWE-427 | Uncontrolled Search Path Element | NIST |
CWE-264 | Permissions, Privileges, and Access Controls | Cisco Systems, Inc. |
Cisco Jabber 11.9 Free
Known Affected Software Configurations Switch to CPE 2.2
Cisco Jabber 11.9 User Guide
Cisco Jabber 11.9.3
Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.