Detections
Analytics
Cisco Jabber for Windows 9.x < 9.2(2) 'Send Screen Capture' File Write
medium Nessus Plugin ID 72728
Language:
Synopsis
The version of Cisco Jabber for Windows on the remote host is affected by an arbitrary file write vulnerability.Description
The version of Cisco Jabber for Windows installed on the remote host is 9.x prior to 9.2(2). It is, therefore, affected by an input validation error related to the 'Send Screen Capture' functionality that could allow a remote attacker to traverse directories, write arbitrary files and possibly execute arbitrary code.Solution
Upgrade to Cisco Jabber for Windows 9.2(2) or later.See Also
http://www.nessus.org/u?a77282d4
https://tools.cisco.com/security/center/viewAlert.x?alertId=32451
Plugin Details
Severity: Medium
ID: 72728
File Name: cisco_jabber_client_CSCug48056.nasl
Version: 1.5
Type: local
Agent: windows
Family: Windows
Published: 2/27/2014
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:cisco:jabber
Required KB Items: SMB/Cisco Jabber for Windows/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 1/15/2014
Vulnerability Publication Date: 1/15/2014
Reference Information
CVE: CVE-2014-0666
BID: 64965
CISCO-BUG-ID: CSCug48056