Menu

Your Windows version of Cisco Jabber poses a security risk

On September 2nd, 2020, Cisco issued a Critical Security Advisory announcement regarding Cisco’s Jabber for Windows that customers should be aware of. A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attackers to execute arbitrary code. Attackers could achieve remote code execution by sending specially crafted chat messages.

cisco-jabberTo exploit this vulnerability, an attacker must be able to send XMPP messages to end-user systems running Cisco Jabber for Windows. Attackers may require access to the same XMPP domain or an-other method of access to be able to send messages to clients.

The issue has the follow advisory code: CVE-2020-3495

The vulnerabilities affect all currently supported versions of the Cisco Jabber client for Windows (12.1 – 12.9). Systems using Cisco Jabber in phone-only mode (without XMPP messaging services enabled) are not vulnerable to exploitation. There are no workarounds that address this vulnerability.

What Should You Do if Your Version of Jabber is Impacted?

Any customers running an affected version of Jabber, should upgrade as soon as possible. See the fixes in the table below:

  • Users operating version 12.1 should upgrade to 12.1.3
  • Users operating version 12.5 should upgrade to 12.5.2
  • Users operating version 12.6 should upgrade to 12.6.3
  • Users operating version 12.7 should upgrade to 12.7.2
  • Users operating version 12.8 should upgrade to 12.8.3
  • Users operating version 12.9 should upgrade to 12.9.1

The latest versions can be downloaded from the following URL:

https://software.cisco.com/download/home/284324806/type/284006014/release/

If this vulnerability applies to you, it’s time to update. If you have any questions or would like to talk to a OneNeck expert about Cisco Jabber, we are here to help


Keep Moving Forward. We Got Your Back.

Additional Resources:

Get In Touch

Call Us

For general inquiries, call: 855.ONENECK

Immediate Assistance

Managed services support: 800.272.3077
Non-managed service support: 515.334.5755
Or visit our service desk:
Service Desk Portal

Chat With Us

Hours available: 24/7
Start a Chat

OneNeck Headquarters

525 Junction Road
Madison, WI 53717
View All Locations

Talk to Our Team