The patch that wasn’t: Cisco emits fresh fixes for NTLM hash-spilling vuln and XSS-RCE combo in Jabber app

10 December 2020

A previous patch for Cisco’s Jabber chat product did not in fact fix four vulnerabilities – including one remote code execution (RCE) flaw that would allow malicious people to hijack targeted devices by sending a carefully crafted message. Norwegian infosec biz Watchcom spotted the vulnerabilities, having been asked by a client to verify that a previous patch for CVE-2020-26085 worked as advertised.

Read full article on The Register

Date:

10 December 2020

Categorie(s):

NEWS

Tag(s):

Cisco, Cisco Jabber, Infrastructure Development, Jabber, Networking

Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit15 November 2024
Drinking water systems for 26M Americans face high cybersecurity risks15 November 2024
AI, hybrid identity, and cybersecurity’s next frontier: Key takeaways from Semperis CEO at HIP conference15 November 2024
For November, Patch Tuesday includes three Windows zero-day fixes15 November 2024
Keyboard robbers steal 171k customers’ data from AnnieMac mortgage house15 November 2024