Vulnerability Name:

CVE-2022-20917 (CCN-237834)

Assigned: 2021-11-02
Published: 2022-10-05
Updated: 2022-10-05
Summary: Cisco Jabber Client Software is vulnerable to HTTP request smuggling, caused by improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. By connecting to an XMPP messaging server and sending specially crafted XMPP messages to an affected Jabber client, a remote authenticated attacker could exploit this vulnerability to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.
CVSS v3 Severity: 4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2022-20917

Source: XF
Type: UNKNOWN
ciscojabber-cve202220917-request-smuggling(237834)

Source: CCN
Type: Packet Storm Security [10-20-2022]
Cisco Jabber XMPP Stanza Smuggling

Source: CCN
Type: Cisco Security Advisory cisco-sa-jabber-xmpp-Ne9SCM
Cisco Jabber Client Software Extensible Messaging and Presence Protocol Stanza Smuggling Vulnerability

Vulnerability Name:

CVE-2022-20917 (CCN-238632)

Assigned: 2021-11-02
Published: 2022-10-19
Updated: 2022-10-19
Summary: Cisco Jabber Client Software could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of nested XMPP messages within requests. By sending specially crafted XMPP messages, an attacker could exploit this vulnerability to manipulate the content of XMPP messages to perform unsafe actions.
CVSS v3 Severity: 4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2022-20917

Source: XF
Type: UNKNOWN
cisco-cve202220917-sec-bypass(238632)

Source: CCN
Type: cisco-sa-jabber-xmpp-Ne9SCM
Cisco Jabber Client Software Extensible Messaging and Presence Protocol Stanza Smuggling Vulnerability

Vulnerable Configuration: Configuration CCN 1:
  • cpe:/a:cisco:jabber:-:-:*:*:*:windows:*:*
  • OR cpe:/a:cisco:jabber:-:*:*:*:*:android:*:*
  • OR cpe:/a:cisco:jabber:-:*:*:*:*:*:ios:*

  • * Denotes that component is vulnerable