OpenCVE

A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Jabber

Configuration 1 [-]

OR	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::windows::*
	cpe:2.3:a:cisco:jabber::::::windows::*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3

History

Wed, 13 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-09-04T02:25:47.669535Z

Updated: 2024-11-13T18:08:23.972Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3498

Vulnrichment

Updated: 2024-08-04T07:37:54.370Z

NVD

Status : Modified

Published: 2020-09-04T03:15:10.527

Modified: 2023-11-07T03:22:48.507

Link: CVE-2020-3498

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco Jabber", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-09-02T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-04T02:25:47", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200902 Cisco Jabber for Windows Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3"}], "source": {"advisory": "cisco-sa-jabber-ttcgB9R3", "defect": [["CSCvu71180"]], "discovery": "INTERNAL"}, "title": "Cisco Jabber for Windows Information Disclosure Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-09-02T16:00:00", "ID": "CVE-2020-3498", "STATE": "PUBLIC", "TITLE": "Cisco Jabber for Windows Information Disclosure Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Jabber", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "6.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "20200902 Cisco Jabber for Windows Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3"}]}, "source": {"advisory": "cisco-sa-jabber-ttcgB9R3", "defect": [["CSCvu71180"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:37:54.370Z"}, "title": "CVE Program Container", "references": [{"name": "20200902 Cisco Jabber for Windows Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-13T17:24:11.401511Z", "id": "CVE-2020-3498", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T18:08:23.972Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3498", "datePublished": "2020-09-04T02:25:47.669535Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T18:08:23.972Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "Cisco Jabber", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-09-02T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-04T02:25:47", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200902 Cisco Jabber for Windows Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3"}], "source": {"advisory": "cisco-sa-jabber-ttcgB9R3", "defect": [["CSCvu71180"]], "discovery": "INTERNAL"}, "title": "Cisco Jabber for Windows Information Disclosure Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-09-02T16:00:00", "ID": "CVE-2020-3498", "STATE": "PUBLIC", "TITLE": "Cisco Jabber for Windows Information Disclosure Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Jabber", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "6.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "20200902 Cisco Jabber for Windows Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3"}]}, "source": {"advisory": "cisco-sa-jabber-ttcgB9R3", "defect": [["CSCvu71180"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:37:54.370Z"}, "title": "CVE Program Container", "references": [{"name": "20200902 Cisco Jabber for Windows Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-3498", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-13T17:24:11.401511Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T17:27:53.654Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3498", "datePublished": "2020-09-04T02:25:47.669535Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T18:08:23.972Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*", "matchCriteriaId": "10F7716B-4743-4437-80CA-2D79EA8C5655", "versionEndExcluding": "12.1.3", "versionStartIncluding": "12.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*", "matchCriteriaId": "502C7D8C-8216-42A9-9751-2398BCBC474E", "versionEndExcluding": "12.5.2", "versionStartIncluding": "12.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9C3A1FEE-4A0E-450E-A324-E1007C49140C", "versionEndExcluding": "12.6.3", "versionStartIncluding": "12.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*", "matchCriteriaId": "9CB2B0D5-F8B9-4749-9CA9-747C01E4CFFC", "versionEndExcluding": "12.7.2", "versionStartIncluding": "12.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*", "matchCriteriaId": "FCF47CAC-7687-42D8-AE99-906FB0EA1561", "versionEndExcluding": "12.8.3", "versionStartIncluding": "12.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:jabber:*:*:*:*:*:windows:*:*", "matchCriteriaId": "14F9350F-57C1-4B2C-9270-EAAB5EE87E67", "versionEndExcluding": "12.9.1", "versionStartIncluding": "12.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks."}, {"lang": "es", "value": "Una vulnerabilidad en el software Cisco Jabber podr\u00eda permitir a un atacante remoto autenticado conseguir acceso a informaci\u00f3n confidencial. La vulnerabilidad es debido a una comprobaci\u00f3n inapropiada de los contenidos de mensaje. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo mensajes especialmente dise\u00f1ados hacia un sistema apuntado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que la aplicaci\u00f3n devuelva informaci\u00f3n confidencial de autenticaci\u00f3n a otro sistema, posiblemente para usarla en m\u00e1s ataques"}], "id": "CVE-2020-3498", "lastModified": "2023-11-07T03:22:48.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2020-09-04T03:15:10.527", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}