#VU54206 Insufficiently protected credentials in Cisco Systems, Inc products - CVE-2021-1569

 


Published: June 17, 2021


Vulnerability identifier: #VU54206
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-1569
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Cisco Jabber for Windows
Cisco Jabber for MacOS
Cisco Jabber for Android and iOS
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.

The vulnerability exists due to improper input validation when processing messages. A remote authenticated attacker can send a specially crafted Extensible Messaging and Presence Protocol (XMPP) message to the affected application and cause it to return sensitive authentication information to another system, which the attacker could use in further attacks.


Remediation

Install updates from the vendor's website.

External links