Exposure of Resource to Wrong Sphere in Cisco Systems, Inc products - CVE-2022-20917
Published: October 6, 2022
Vulnerability identifier: #VU67953
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-20917
CWE-ID: CWE-668
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Jabber for Windows
Cisco Jabber for MacOS
Cisco Jabber for Android and iOS
Cisco Jabber for Android MAM
Cisco Jabber for iOS MAM
Cisco Jabber for Windows
Cisco Jabber for MacOS
Cisco Jabber for Android and iOS
Cisco Jabber for Android MAM
Cisco Jabber for iOS MAM
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the system.
The vulnerability exists due to the improper handling of nested Extensible Messaging and Presence Protocol (XMPP) messages. A remote user can send specially crafted XMPP messages and cause the Jabber client application to perform unsafe actions.
How to mitigate CVE-2022-20917
Install updates from vendor's website.