CVE-2020-27127

Published Dec 11, 2020

Last updated a year ago

CVSS critical 9.9

Overview

Description: Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-269
ykramarz@cisco.com: CWE-201

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:jabber:12.9\\(0\\):*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8F2C6E4-639B-4557-A1C1-44F664E98784"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber:12.9\\(0\\):*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7775123-B511-4810-B2DB-776BE278648F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber:12.9\\(1\\):*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6BAF772-A705-4E55-8CA0-3C9FE0F61A35"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber:12.9\\(1\\):*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23991C5B-56E3-4723-912A-155DF7324B20"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber:12.9\\(2\\):*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5A77DF5-2341-4119-9C48-15E6848CAFA7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber:12.9\\(2\\):*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DEF86BE-BA05-4E1A-9BEB-57D3BA3B05BE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber:12.9\\(3\\):*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8CB72AC-CA44-4E8B-97E0-F0C4F46655F5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber:12.9\\(3\\):*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F038BD4-07F9-424B-876C-BEA8DB4038AE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber_for_mobile_platforms:12.9\\(0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5800BE8-D0FD-4E41-98EF-2600D96E716E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber_for_mobile_platforms:12.9\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B307A9E-AF3C-4CA9-A034-BB5E89E485E2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber_for_mobile_platforms:12.9\\(2\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F39010B3-D28E-4CFB-8818-9D2FCCB729B9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:jabber_for_mobile_platforms:12.9\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75FBB0C7-5BE1-47A0-9255-FB54940D8BA8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References