CVE-2021-1418

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::macos::*
	cpe:2.3:a:cisco:jabber::::::android::*
	cpe:2.3:a:cisco:jabber::::::iphone_os::*
	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::macos::*

History

29 Mar 2021, 17:46

Type	Values Removed	Values Added
CPE		cpe:2.3:a:cisco:jabber::::::macos::* cpe:2.3:a:cisco:jabber::::::windows::* cpe:2.3:a:cisco:jabber::::::android::* cpe:2.3:a:cisco:jabber::::::iphone_os::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.0 v3 : 6.5
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC - Vendor Advisory

24 Mar 2021, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-03-24 21:15

Updated : 2023-12-10 13:41

NVD link : CVE-2021-1418

Mitre link : CVE-2021-1418

CVE.ORG link : CVE-2021-1418

JSON object : View

Products Affected

cisco

jabber

CWE

CWE-170

Improper Null Termination

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-1418

6.5^/10

4.0^/10

Attach tags to `CVE-2021-1418`