CVE-2022-20917
Cisco Jabber XMPP Stanza Smuggling
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application.
This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.
Una vulnerabilidad en el Extensible Messaging y Presence Protocol (XMPP) característica del procesamiento de mensajes de Cisco Jabber podría permitir que un atacante remoto autenticado manipule el contenido de los mensajes XMPP que utiliza la aplicación afectada. Esta vulnerabilidad se debe al manejo inadecuado de mensajes XMPP anidados dentro de las solicitudes que se envían al software cliente Cisco Jabber. Un atacante podría aprovechar esta vulnerabilidad conectándose a un servidor de mensajería XMPP y enviando mensajes XMPP manipulados a un cliente Jabber afectado. Un exploit exitoso podría permitir al atacante manipular el contenido de los mensajes XMPP, lo que posiblemente le permitiría provocar que la aplicación cliente Jabber realice acciones inseguras.
There is a vulnerability in Cisco Jabber that allows an attacker to send arbitrary XMPP stanzas (XMPP control messages) to another Cisco Jabber client, including XMPP stanzas that are normally sent only by the trusted server.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-11-02 CVE Reserved
- 2022-10-20 CVE Published
- 2024-09-21 EPSS Updated
- 2024-09-25 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | < 12.6.6 Search vendor "Cisco" for product "Jabber" and version " < 12.6.6" | windows |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | < 12.8.8 Search vendor "Cisco" for product "Jabber" and version " < 12.8.8" | macos |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | < 14.1.4 Search vendor "Cisco" for product "Jabber" and version " < 14.1.4" | android |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | < 14.1.4 Search vendor "Cisco" for product "Jabber" and version " < 14.1.4" | iphone_os |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | >= 12.7 < 12.7.6 Search vendor "Cisco" for product "Jabber" and version " >= 12.7 < 12.7.6" | windows |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | >= 12.8 < 12.8.7 Search vendor "Cisco" for product "Jabber" and version " >= 12.8 < 12.8.7" | windows |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | >= 12.9 < 12.9.7 Search vendor "Cisco" for product "Jabber" and version " >= 12.9 < 12.9.7" | windows |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | >= 12.9 < 12.9.8 Search vendor "Cisco" for product "Jabber" and version " >= 12.9 < 12.9.8" | macos |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | >= 14.0 < 14.0.5 Search vendor "Cisco" for product "Jabber" and version " >= 14.0 < 14.0.5" | macos |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | >= 14.0 < 14.0.5 Search vendor "Cisco" for product "Jabber" and version " >= 14.0 < 14.0.5" | windows |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | >= 14.1 < 14.1.3 Search vendor "Cisco" for product "Jabber" and version " >= 14.1 < 14.1.3" | macos |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Jabber Search vendor "Cisco" for product "Jabber" | >= 14.1 < 14.1.3 Search vendor "Cisco" for product "Jabber" and version " >= 14.1 < 14.1.3" | windows |
Affected
| ||||||