Vulnerability Name: | CVE-2022-20917 (CCN-237834)
Assigned: | 2021-11-02
Published: | 2022-10-05
Updated: | 2022-10-05
Summary: | Cisco Jabber Client Software is vulnerable to HTTP request smuggling, caused by improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. By connecting to an XMPP messaging server and sending specially crafted XMPP messages to an affected Jabber client, a remote authenticated attacker could exploit this vulnerability to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.
CVSS v3 Severity: | 4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N); 3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C)
CVSS v2 Severity: | 4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2022-20917
Source: XF Type: UNKNOWN ciscojabber-cve202220917-request-smuggling(237834)
Source: CCN Type: Packet Storm Security [10-20-2022] Cisco Jabber XMPP Stanza Smuggling
Source: CCN Type: Cisco Security Advisory cisco-sa-jabber-xmpp-Ne9SCM Cisco Jabber Client Software Extensible Messaging and Presence Protocol Stanza Smuggling Vulnerability

Vulnerability Name: | CVE-2022-20917 (CCN-238632)
Assigned: | 2021-11-02
Published: | 2022-10-19
Updated: | 2022-10-19
Summary: | Cisco Jabber Client Software could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of nested XMPP messages within requests. By sending specially crafted XMPP messages, an attacker could exploit this vulnerability to manipulate the content of XMPP messages to perform unsafe actions.
CVSS v3 Severity: | 4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N); 3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: | 4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Vulnerability Consequences: | Bypass Security
References: |
Source: MITRE Type: CNA CVE-2022-20917
Source: XF Type: UNKNOWN cisco-cve202220917-sec-bypass(238632)
Source: CCN Type: cisco-sa-jabber-xmpp-Ne9SCM Cisco Jabber Client Software Extensible Messaging and Presence Protocol Stanza Smuggling Vulnerability
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable