

Severity
Medium
Analysis Summary
CVE-2022-20917
Cisco Jabber Client Software is vulnerable to HTTP request smuggling, caused by improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. By connecting to an XMPP messaging server and sending specially crafted XMPP messages to an affected Jabber client, a remote authenticated attacker could exploit this vulnerability to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.
Impact
Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2022-20917
Affected Vendors
Cisco
Affected Products
Cisco Jabber Client Software
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.