SymmetricalDataSecurity: Vuln: Cisco Jabber for Windows CVE-2019-1855 DLL Loading Local Arbitrary Code Execution Vulnerability

Thursday, July 4, 2019

Vuln: Cisco Jabber for Windows CVE-2019-1855 DLL Loading Local Arbitrary Code Execution Vulnerability

Cisco Jabber for Windows is prone to an local arbitrary code-execution vulnerability.

A local attacker can leverage this issue to execute arbitrary code. Failed exploit attempts will result in a denial of service condition.

This issue is being tracked by Cisco Bug IDs CSCvo55994 and CSCvo63008.

Versions prior to Cisco Jabber for Windows 12.6(0) are vulnerable.

exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

solution

Solution:
Updates are available. Please see the references or vendor advisory for more information.

info

Bugtraq ID:	109038
Class:	Input Validation Error
CVE:	CVE-2019-1855
Remote:	No
Local:	Yes
Published:	Jul 03 2019 12:00AM
Updated:	Jul 03 2019 12:00AM
Credit:	wjcsharp.
Vulnerable:	Cisco Jabber for Windows 11.8 Cisco Jabber for Windows 9.2.1 Cisco Jabber for Windows 9.2 Cisco Jabber for Windows 9.1.5 Cisco Jabber for Windows 9.1.4 Cisco Jabber for Windows 9.1.3 Cisco Jabber for Windows 9.1.2 Cisco Jabber for Windows 9.1.1 Cisco Jabber for Windows 9.1 Cisco Jabber for Windows 9.0.5 Cisco Jabber for Windows 9.0.4 Cisco Jabber for Windows 9.0.3 Cisco Jabber for Windows 9.0.2 Cisco Jabber for Windows 9.0.1 Cisco Jabber for Windows 9.7(5) Cisco Jabber for Windows 9.7(4) Cisco Jabber for Windows 9.7(3) Cisco Jabber for Windows 9.7(2) Cisco Jabber for Windows 9.7(1) Cisco Jabber for Windows 9.7(0) Cisco Jabber for Windows 9.6(3) Cisco Jabber for Windows 9.6(2) Cisco Jabber for Windows 9.6(1) Cisco Jabber for Windows 9.6(0) Cisco Jabber for Windows 11.9(2.57651) Cisco Jabber for Windows 11.9(1) Cisco Jabber for Windows 11.9(0.54450) Cisco Jabber for Windows 11.9(0) Cisco Jabber for Windows 11.8(4.52954) Cisco Jabber for Windows 11.8(4) Cisco Jabber for Windows 11.8(3) Cisco Jabber for Windows 11.8(2) Cisco Jabber for Windows 11.8(1) Cisco Jabber for Windows 11.8(0) Cisco Jabber for Windows 11.5(1) Cisco Jabber for Windows 11.5 Cisco Jabber for Windows 11.1 Cisco Jabber for Windows 11.0 Cisco Jabber for Windows 10.6 Cisco Jabber for Windows 10.5(2)

Not Vulnerable:	Cisco Jabber for Windows 12.6(0)

references

References:

Cisco Homepage (Cisco)
cisco-sa-20190703-jabber-dll: Cisco Jabber for Windows DLL Preloading Vulnerabil (Cisco)

from SecurityFocus Vulnerabilities https://ift.tt/2xvjgfQ

SymmetricalDataSecurity

Thursday, July 4, 2019

Vuln: Cisco Jabber for Windows CVE-2019-1855 DLL Loading Local Arbitrary Code Execution Vulnerability

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews