//mega nav ctas

Your Blog Post Title Here...

Posted On: September 24, 2020

Topic: Security

On September 2nd, 2020, Cisco issued a Critical Security Advisory announcement regarding Cisco’s Jabber for Windows that customers should be aware of. A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attackers to execute arbitrary code. Attackers could achieve remote code execution by sending specially crafted chat messages.

cisco-jabberTo exploit this vulnerability, an attacker must be able to send XMPP messages to end-user systems running Cisco Jabber for Windows. Attackers may require access to the same XMPP domain or an-other method of access to be able to send messages to clients.

The issue has the follow advisory code: CVE-2020-3495

The vulnerabilities affect all currently supported versions of the Cisco Jabber client for Windows (12.1 – 12.9). Systems using Cisco Jabber in phone-only mode (without XMPP messaging services enabled) are not vulnerable to exploitation. There are no workarounds that address this vulnerability.

What Should You Do if Your Version of Jabber is Impacted?

Any customers running an affected version of Jabber, should upgrade as soon as possible. See the fixes in the table below:

  • Users operating version 12.1 should upgrade to 12.1.3
  • Users operating version 12.5 should upgrade to 12.5.2
  • Users operating version 12.6 should upgrade to 12.6.3
  • Users operating version 12.7 should upgrade to 12.7.2
  • Users operating version 12.8 should upgrade to 12.8.3
  • Users operating version 12.9 should upgrade to 12.9.1

The latest versions can be downloaded from the following URL:


If this vulnerability applies to you, it’s time to update. If you have any questions or would like to talk to a OneNeck expert about Cisco Jabber, we are here to help

Keep Moving Forward. We Got Your Back.